diff --git a/argocd/helm/kubedb.yaml b/argocd/helm/kubedb.yaml index 2bd0576..b577ff5 100644 --- a/argocd/helm/kubedb.yaml +++ b/argocd/helm/kubedb.yaml @@ -8,7 +8,7 @@ spec: source: chart: kubedb repoURL: ghcr.io/appscode-charts - targetRevision: v2025.2.19 + targetRevision: v2025.3.24 helm: values: | ace-user-roles: @@ -25,17 +25,23 @@ spec: - jsonPointers: - /data kind: Secret - name: kubedb-kubedb-webhook-server-apiserver-cert + name: kubedb-kubedb-webhook-server-cert namespace: kubedb - jsonPointers: - /data kind: Secret - name: kubedb-petset-webhook-cert + name: kubedb-petset-cert + namespace: kubedb + - jsonPointers: + - /data + kind: Secret + name: kubedb-sidekick-cert namespace: kubedb + - group: admissionregistration.k8s.io kind: MutatingWebhookConfiguration - name: kubedb-petset + name: mutators.petset.appscode.com jqPathExpressions: - .webhooks[].clientConfig.caBundle - group: admissionregistration.k8s.io @@ -43,9 +49,31 @@ spec: name: mutators.kubedb.com jqPathExpressions: - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: MutatingWebhookConfiguration + name: mutators.autoscaling.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: MutatingWebhookConfiguration + name: mutators.elasticsearch.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: MutatingWebhookConfiguration + name: mutators.schema.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + + - group: admissionregistration.k8s.io kind: ValidatingWebhookConfiguration - name: kubedb-petset + name: validators.autoscaling.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.elasticsearch.kubedb.com jqPathExpressions: - .webhooks[].clientConfig.caBundle - group: admissionregistration.k8s.io @@ -53,106 +81,56 @@ spec: name: validators.kubedb.com jqPathExpressions: - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.ops.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.petset.appscode.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.schema.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.autoscaling.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.elasticsearch.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.kafka.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.ops.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.schema.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.autoscaling.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.elasticsearch.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.kafka.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.ops.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.postgres.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.schema.kubedb.com - jsonPointers: - - /spec/caBundle - group: apps - kind: Deployment - name: kubedb-petset-webhook-server + kind: StatefulSet + name: kubedb-kubedb-autoscaler namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps - kind: Deployment - name: kubedb-kubedb-autoscaler + kind: StatefulSet + name: kubedb-kubedb-ops-manager namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps - kind: Deployment - name: kubedb-kubedb-ops-manager + kind: StatefulSet + name: kubedb-kubedb-provisioner namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps kind: Deployment - name: kubedb-kubedb-provisioner + name: kubedb-kubedb-webhook-server namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps kind: Deployment - name: kubedb-kubedb-webhook-server + name: kubedb-petset namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps kind: Deployment - name: kubedb-petset-webhook-server + name: kubedb-sidekick namespace: kubedb jsonPointers: - - /spec/template/metadata/annotations/checksum~1apiregistration.yaml + - /spec/template/metadata/annotations/reload diff --git a/argocd/helm/kubestash.yaml b/argocd/helm/kubestash.yaml index 1330f0d..994ecb0 100644 --- a/argocd/helm/kubestash.yaml +++ b/argocd/helm/kubestash.yaml @@ -8,7 +8,7 @@ spec: source: chart: kubestash repoURL: ghcr.io/appscode-charts - targetRevision: v2025.2.10 + targetRevision: v2025.3.24 helm: values: | ace-user-roles: @@ -25,17 +25,17 @@ spec: - jsonPointers: - /data kind: Secret - name: kubestash-kubestash-operator-webhook-cert + name: kubestash-kubestash-operator-cert namespace: kubestash - group: apps kind: Deployment name: kubestash-kubestash-operator-operator namespace: kubestash jsonPointers: - - /spec/template/metadata/annotations/checksum~1apiregistration.yaml + - /spec/template/metadata/annotations/reload - group: apps kind: Deployment name: kubestash-kubestash-operator-webhook-server namespace: kubestash jsonPointers: - - /spec/template/metadata/annotations/checksum~1apiregistration.yaml + - /spec/template/metadata/annotations/reload diff --git a/argocd/helm/license-proxyserver.yaml b/argocd/helm/license-proxyserver.yaml index f80cf45..72720a7 100644 --- a/argocd/helm/license-proxyserver.yaml +++ b/argocd/helm/license-proxyserver.yaml @@ -8,7 +8,7 @@ spec: source: chart: license-proxyserver repoURL: ghcr.io/appscode-charts - targetRevision: v2025.1.17 + targetRevision: v2025.3.14 helm: values: | platform: diff --git a/argocd/helm/monitoring-operator.yaml b/argocd/helm/monitoring-operator.yaml new file mode 100644 index 0000000..a8d8c8d --- /dev/null +++ b/argocd/helm/monitoring-operator.yaml @@ -0,0 +1,49 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: monitoring-operator + namespace: argocd +spec: + project: default + source: + chart: monitoring-operator + repoURL: ghcr.io/appscode-charts + targetRevision: v2025.3.14 + helm: + values: | + tolerations: + - key: "role" + operator: "Equal" + value: "worker_node_svc" + effect: "NoSchedule" + monitoring: + agent: "prometheus.io/operator" + serviceMonitor: + labels: + release: prometheus-operator + + destination: + server: "https://kubernetes.default.svc" + namespace: monitoring + syncPolicy: + automated: {} + syncOptions: + - CreateNamespace=true + + ignoreDifferences: + - jsonPointers: + - /data + kind: Secret + name: monitoring-operator-apiserver-cert + namespace: monitoring + - group: apiregistration.k8s.io + kind: APIService + name: v1alpha1.ui.openviz.dev + jsonPointers: + - /spec/caBundle + - group: apps + kind: Deployment + name: monitoring-operator + namespace: monitoring + jsonPointers: + - /spec/template/metadata/annotations/checksum~1apiregistration.yaml diff --git a/argocd/kustomize/kubedb.yaml b/argocd/kustomize/kubedb.yaml index 11b5a3e..bf09bfd 100644 --- a/argocd/kustomize/kubedb.yaml +++ b/argocd/kustomize/kubedb.yaml @@ -19,17 +19,23 @@ spec: - jsonPointers: - /data kind: Secret - name: kubedb-kubedb-webhook-server-apiserver-cert + name: kubedb-kubedb-webhook-server-cert namespace: kubedb - jsonPointers: - /data kind: Secret - name: kubedb-petset-webhook-cert + name: kubedb-petset-cert + namespace: kubedb + - jsonPointers: + - /data + kind: Secret + name: kubedb-sidekick-cert namespace: kubedb + - group: admissionregistration.k8s.io kind: MutatingWebhookConfiguration - name: kubedb-petset + name: mutators.petset.appscode.com jqPathExpressions: - .webhooks[].clientConfig.caBundle - group: admissionregistration.k8s.io @@ -37,9 +43,31 @@ spec: name: mutators.kubedb.com jqPathExpressions: - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: MutatingWebhookConfiguration + name: mutators.autoscaling.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: MutatingWebhookConfiguration + name: mutators.elasticsearch.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: MutatingWebhookConfiguration + name: mutators.schema.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + + - group: admissionregistration.k8s.io kind: ValidatingWebhookConfiguration - name: kubedb-petset + name: validators.autoscaling.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.elasticsearch.kubedb.com jqPathExpressions: - .webhooks[].clientConfig.caBundle - group: admissionregistration.k8s.io @@ -47,106 +75,56 @@ spec: name: validators.kubedb.com jqPathExpressions: - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.ops.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.petset.appscode.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle + - group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validators.schema.kubedb.com + jqPathExpressions: + - .webhooks[].clientConfig.caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.autoscaling.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.elasticsearch.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.kafka.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.ops.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.mutators.schema.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.autoscaling.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.elasticsearch.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.kafka.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.ops.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.postgres.kubedb.com - jsonPointers: - - /spec/caBundle - - group: apiregistration.k8s.io - kind: APIService - name: v1alpha1.validators.schema.kubedb.com - jsonPointers: - - /spec/caBundle - group: apps - kind: Deployment - name: kubedb-petset-webhook-server + kind: StatefulSet + name: kubedb-kubedb-autoscaler namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps - kind: Deployment - name: kubedb-kubedb-autoscaler + kind: StatefulSet + name: kubedb-kubedb-ops-manager namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps - kind: Deployment - name: kubedb-kubedb-ops-manager + kind: StatefulSet + name: kubedb-kubedb-provisioner namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps kind: Deployment - name: kubedb-kubedb-provisioner + name: kubedb-kubedb-webhook-server namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps kind: Deployment - name: kubedb-kubedb-webhook-server + name: kubedb-petset namespace: kubedb jsonPointers: - /spec/template/metadata/annotations/reload - group: apps kind: Deployment - name: kubedb-petset-webhook-server + name: kubedb-sidekick namespace: kubedb jsonPointers: - - /spec/template/metadata/annotations/checksum~1apiregistration.yaml + - /spec/template/metadata/annotations/reload diff --git a/argocd/kustomize/kubestash.yaml b/argocd/kustomize/kubestash.yaml index 95663e4..41a4afe 100644 --- a/argocd/kustomize/kubestash.yaml +++ b/argocd/kustomize/kubestash.yaml @@ -19,17 +19,17 @@ spec: - jsonPointers: - /data kind: Secret - name: kubestash-kubestash-operator-webhook-cert + name: kubestash-kubestash-operator-cert namespace: kubestash - group: apps kind: Deployment name: kubestash-kubestash-operator-operator namespace: kubestash jsonPointers: - - /spec/template/metadata/annotations/checksum~1apiregistration.yaml + - /spec/template/metadata/annotations/reload - group: apps kind: Deployment name: kubestash-kubestash-operator-webhook-server namespace: kubestash jsonPointers: - - /spec/template/metadata/annotations/checksum~1apiregistration.yaml + - /spec/template/metadata/annotations/reload diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/NOTES.txt deleted file mode 100644 index b6389aa..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that UI Server has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ace-user-roles.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/NOTES.txt deleted file mode 100644 index fb13a53..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that KubeDB AutoScaler has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-autoscaler.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/values.openapiv3_schema.yaml deleted file mode 100644 index 039bb57..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1517 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you locate - the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances of - this type with an empty value here are almost certainly wrong. TODO: Add - other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need it - https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - recommender: - properties: - cpuHistogramDecayHalfLife: - type: string - memoryAggregationInterval: - type: string - memoryAggregationIntervalCount: - format: int64 - type: integer - memoryHistogramDecayHalfLife: - type: string - required: - - cpuHistogramDecayHalfLife - - memoryAggregationInterval - - memoryAggregationIntervalCount - - memoryHistogramDecayHalfLife - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - storageAutoscaler: - properties: - prometheus: - properties: - address: - type: string - bearerToken: - type: string - caCert: - type: string - required: - - address - type: object - required: - - prometheus - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array - updateInterval: - type: string - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object -required: -- apiserver -- imagePullPolicy -- monitoring -- operator -- registryFQDN -- replicaCount -- serviceAccount -- waitfor -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/values.openapiv3_schema.yaml deleted file mode 100644 index 637a5ac..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1402 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - featureGates: - additionalProperties: - type: boolean - type: object - fullnameOverride: - type: string - image: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - registryFQDN: - type: string - removeUnusedCRDs: - type: boolean - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field is\ - \ immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: SecurityContext holds security configuration that will be applied - to a container. Some fields are present in both SecurityContext and PodSecurityContext. When - both are set, the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain - more privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. Note - that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers - are essentially equivalent to root on the host. Defaults to false. Note - that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType feature - flag to be enabled. Note that this field cannot be set when spec.os.name - is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp options - are provided at both the pod & container level, the container options override - the pod options. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options from the PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array - ttlSecondsAfterFinished: - type: integer -required: -- featureGates -- image -- imagePullPolicy -- removeUnusedCRDs -- serviceAccount -- ttlSecondsAfterFinished -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/NOTES.txt deleted file mode 100644 index 958337a..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that KubeDB Ops Manager has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-ops-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/values.openapiv3_schema.yaml deleted file mode 100644 index c5dc8ca..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1680 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - env: - description: List of environment variables to set in the container. Cannot be - updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously - defined environment variables in the container and any service environment - variables. If a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references will never be expanded, - regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used - if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits - and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) are - currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for - env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys will - be reported as an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. Cannot be - updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you locate - the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances of - this type with an empty value here are almost certainly wrong. TODO: Add - other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need it - https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - insecureRegistries: - items: - type: string - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - psp: - properties: - enabled: - type: boolean - required: - - enabled - type: object - recommendationEngine: - properties: - genRotateTLSRecommendationBeforeExpiryDay: - type: integer - genRotateTLSRecommendationBeforeExpiryMonth: - type: integer - genRotateTLSRecommendationBeforeExpiryYear: - type: integer - recommendationResyncPeriod: - type: string - required: - - genRotateTLSRecommendationBeforeExpiryDay - - genRotateTLSRecommendationBeforeExpiryMonth - - genRotateTLSRecommendationBeforeExpiryYear - - recommendationResyncPeriod - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object -required: -- apiserver -- imagePullPolicy -- insecureRegistries -- monitoring -- operator -- psp -- registryFQDN -- replicaCount -- serviceAccount -- waitfor -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/NOTES.txt deleted file mode 100644 index a09e307..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that KubeDB provisioner has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-provisioner.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/values.openapiv3_schema.yaml deleted file mode 100644 index c47e91c..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1670 +0,0 @@ -properties: - additionalPodSecurityPolicies: - items: - type: string - type: array - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - enforceTerminationPolicy: - type: boolean - env: - description: List of environment variables to set in the container. Cannot be - updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously - defined environment variables in the container and any service environment - variables. If a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references will never be expanded, - regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used - if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits - and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) are - currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for - env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys will - be reported as an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. Cannot be - updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you locate - the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances of - this type with an empty value here are almost certainly wrong. TODO: Add - other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need it - https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - insecureRegistries: - items: - type: string - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - psp: - properties: - enabled: - type: boolean - required: - - enabled - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object -required: -- apiserver -- imagePullPolicy -- insecureRegistries -- monitoring -- operator -- psp -- registryFQDN -- replicaCount -- serviceAccount -- waitfor -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/NOTES.txt deleted file mode 100644 index 5f296fb..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that KubeDB schema manager has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-schema-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/values.openapiv3_schema.yaml deleted file mode 100644 index 2104f1b..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1484 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - enforceTerminationPolicy: - type: boolean - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you locate - the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances of - this type with an empty value here are almost certainly wrong. TODO: Add - other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need it - https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object -required: -- apiserver -- imagePullPolicy -- monitoring -- operator -- registryFQDN -- replicaCount -- serviceAccount -- waitfor -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/apiregistration.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/apiregistration.yaml deleted file mode 100644 index 5f46a1e..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/apiregistration.yaml +++ /dev/null @@ -1,251 +0,0 @@ -{{ template "kubedb-webhook-server.prepare-certs" $ }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "kubedb-webhook-server.fullname" . }}-apiserver-cert - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -type: kubernetes.io/tls -data: - ca.crt: {{ $._caCrt }} - tls.crt: {{ $._serverCrt }} - tls.key: {{ $._serverKey }} - -{{- if not (list "kubedb-autoscaler" "kubedb-dashboard" "kubedb-ops-manager" "kubedb-schema-manager" | has .Values.server.repository) }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.kubedb.com - labels: - app.kubernetes.io/component: kubedb-provisioner - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: validators.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.kubedb.com - labels: - app.kubernetes.io/component: kubedb-provisioner - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: mutators.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} -{{- end }} -{{- if list "kubedb-webhook-server" "kafka-operator" | has .Values.server.repository }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.kafka.kubedb.com - labels: - app.kubernetes.io/component: kubedb-provisioner - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: validators.kafka.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.kafka.kubedb.com - labels: - app.kubernetes.io/component: kubedb-provisioner - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: mutators.kafka.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} -{{- end }} -{{- if list "kubedb-webhook-server" "kubedb-ops-manager" | has .Values.server.repository }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.ops.kubedb.com - labels: - app.kubernetes.io/component: kubedb-ops-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: validators.ops.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.ops.kubedb.com - labels: - app.kubernetes.io/component: kubedb-ops-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: mutators.ops.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.postgres.kubedb.com - labels: - app.kubernetes.io/component: kubedb-ops-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: validators.postgres.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} -{{- end }} -{{- if list "kubedb-webhook-server" "kubedb-autoscaler" | has .Values.server.repository }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.autoscaling.kubedb.com - labels: - app.kubernetes.io/component: kubedb-autoscaler - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: mutators.autoscaling.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.autoscaling.kubedb.com - labels: - app.kubernetes.io/component: kubedb-autoscaler - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: validators.autoscaling.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} - {{- end }} - {{- if list "kubedb-webhook-server" "kubedb-dashboard" | has .Values.server.repository }} ---- -{{- end }} -{{- if list "kubedb-webhook-server" "kubedb-dashboard" | has .Values.server.repository }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.elasticsearch.kubedb.com - labels: - app.kubernetes.io/component: kubedb-dashboard - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: validators.elasticsearch.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.elasticsearch.kubedb.com - labels: - app.kubernetes.io/component: kubedb-dashboard - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: mutators.elasticsearch.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} -{{- end }} -{{- if list "kubedb-webhook-server" "kubedb-schema-manager" | has .Values.server.repository }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.schema.kubedb.com - labels: - app.kubernetes.io/component: kubedb-schema-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: validators.schema.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.schema.kubedb.com - labels: - app.kubernetes.io/component: kubedb-schema-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -spec: - group: mutators.schema.kubedb.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kubedb-webhook-server.fullname" . }} - caBundle: {{ $._caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} -{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/autoscaler/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/autoscaler/validating-webhook.yaml deleted file mode 100644 index 7c207d2..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/autoscaler/validating-webhook.yaml +++ /dev/null @@ -1,308 +0,0 @@ -{{ $featureGates := .Values.featureGates }} -{{- if .Values.global }} - {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} -{{- end }} - -{{- if .Values.apiserver.enableMutatingWebhook }} -{{- if list "kubedb-webhook-server" "kubedb-autoscaler" | has .Values.server.repository }} - -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validators.autoscaling.kubedb.com - labels: - app.kubernetes.io/component: kubedb-autoscaler - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -webhooks: -{{- if $featureGates.MongoDB }} -- name: mongodbautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/mongodbautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["mongodbautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Druid }} -- name: druidautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/druidautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["druidautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.RabbitMQ }} -- name: rabbitmqautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/rabbitmqautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["rabbitmqautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Elasticsearch }} -- name: elasticsearchautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/elasticsearchautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["elasticsearchautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Kafka }} -- name: kafkaautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/kafkaautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["kafkaautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.MariaDB }} -- name: mariadbautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/mariadbautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["mariadbautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.MSSQLServer }} -- name: mssqlserverautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/mssqlserverautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["mssqlserverautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.MySQL }} -- name: mysqlautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/mysqlautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["mysqlautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.PerconaXtraDB }} -- name: perconaxtradbautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/perconaxtradbautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["perconaxtradbautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Postgres }} -- name: postgresautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/postgresautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["postgresautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.PgBouncer }} -- name: pgbouncerautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/pgbouncerautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["pgbouncerautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Pgpool }} -- name: pgpoolautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/pgpoolautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["pgpoolautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.ProxySQL }} -- name: proxysqlautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/proxysqlautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["proxysqlautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Redis }} -- name: redisautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/redisautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["redisautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -- name: redissentinelautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/redissentinelautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["redissentinelautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Singlestore }} -- name: singlestoreautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/singlestoreautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["singlestoreautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Solr }} -- name: solrautoscalerwebhook.validators.autoscaling.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.autoscaling.kubedb.com/v1alpha1/solrautoscalerwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["solrautoscalers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- end }} -{{- end }} - diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/cluster-role-binding.yaml deleted file mode 100644 index f0fdbb9..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/cluster-role-binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "kubedb-webhook-server.fullname" . }} - labels: - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "kubedb-webhook-server.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "kubedb-webhook-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/ops-manager/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/ops-manager/mutating-webhook.yaml deleted file mode 100644 index ff92cb1..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/ops-manager/mutating-webhook.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ $featureGates := .Values.featureGates }} -{{- if .Values.global }} - {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} -{{- end }} - -{{- if .Values.apiserver.enableMutatingWebhook }} -{{- if list "kubedb-webhook-server" "kubedb-ops-manager" | has .Values.server.repository }} - -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: mutators.ops.kubedb.com - labels: - app.kubernetes.io/component: kubedb-ops-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -webhooks: -{{- if $featureGates.MySQL }} -- name: mysqlopsrequestwebhook.mutators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.ops.kubedb.com/v1alpha1/mysqlopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["mysqlopsrequests"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- end }} -{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/ops-manager/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/ops-manager/validating-webhook.yaml deleted file mode 100644 index 0da8381..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/ops-manager/validating-webhook.yaml +++ /dev/null @@ -1,339 +0,0 @@ -{{ $featureGates := .Values.featureGates }} -{{- if .Values.global }} - {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} -{{- end }} - -{{- if .Values.apiserver.enableValidatingWebhook }} -{{- if list "kubedb-webhook-server" "kubedb-ops-manager" | has .Values.server.repository }} - -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validators.ops.kubedb.com - labels: - app.kubernetes.io/component: kubedb-ops-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -webhooks: -{{- if $featureGates.Druid }} -- name: druidopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/druidopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["druidopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Elasticsearch }} -- name: elasticsearchopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/elasticsearchopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["elasticsearchopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.FerretDB }} -- name: ferretdbopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/ferretdbopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["ferretdbopsrequestwebhooks"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Kafka }} -- name: kafkaopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/kafkaopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["kafkaopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: Fail - sideEffects: None -{{- end }} -{{- if $featureGates.MariaDB }} -- name: mariadbopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/mariadbopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["mariadbopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Memcached }} -- name: memcachedopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/memcachedopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["memcachedopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.MongoDB }} -- name: mongodbopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/mongodbopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["mongodbopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.MSSQLServer }} -- name: mssqlserveropsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/mssqlserveropsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["mssqlserveropsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.MySQL }} -- name: mysqlopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/mysqlopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["mysqlopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.PerconaXtraDB }} -- name: perconaxtradbdbopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/perconaxtradbopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["perconaxtradbopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.PgBouncer }} -- name: pgbounceropsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/pgbounceropsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["pgbounceropsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Pgpool }} -- name: pgpoolopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/pgpoolopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["pgpoolopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Postgres }} -- name: publisherwebhook.validators.postgres.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.postgres.kubedb.com/v1alpha1/publisherwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["postgres.kubedb.com"] - apiVersions: ["*"] - resources: ["publishers"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -- name: subscriberwebhook.validators.postgres.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.postgres.kubedb.com/v1alpha1/subscriberwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["postgres.kubedb.com"] - apiVersions: ["*"] - resources: ["subscribers"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.RabbitMQ }} -- name: rabbitmqopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/rabbitmqopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["rabbitmqopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Redis }} -- name: redisopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/redisopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["redisopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -- name: redissentinelopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/redissentinelopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["redissentinelopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Singlestore }} -- name: singlestoreopsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/singlestoreopsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["singlestoreopsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Solr }} -- name: solropsrequestwebhook.validators.ops.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.ops.kubedb.com/v1alpha1/solropsrequestwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["ops.kubedb.com"] - apiVersions: ["*"] - resources: ["solropsrequests"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- end }} -{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/schema-manager/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/schema-manager/mutating-webhook.yaml deleted file mode 100644 index 6ae27c9..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/schema-manager/mutating-webhook.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{ $featureGates := .Values.featureGates }} -{{- if .Values.global }} - {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} -{{- end }} - -{{- if .Values.apiserver.enableMutatingWebhook }} -{{- if list "kubedb-webhook-server" "kubedb-schema-manager" | has .Values.server.repository }} - -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: mutators.schema.kubedb.com - labels: - app.kubernetes.io/component: kubedb-schema-manager - {{- include "kubedb-webhook-server.labels" . | nindent 4 }} -webhooks: -{{- if $featureGates.MySQL }} -- name: mysqldatabasewebhook.mutators.schema.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.schema.kubedb.com/v1alpha1/mysqldatabasewebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["schema.kubedb.com"] - apiVersions: ["*"] - resources: ["mysqldatabases"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.MongoDB }} -- name: mongodbdatabasewebhook.mutators.schema.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.schema.kubedb.com/v1alpha1/mongodbdatabasewebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["schema.kubedb.com"] - apiVersions: ["*"] - resources: ["mongodbdatabases"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- end }} -{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/values.openapiv3_schema.yaml deleted file mode 100644 index c83a095..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1495 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - ca: - type: string - enableMutatingWebhook: - type: boolean - enableValidatingWebhook: - type: boolean - groupPriorityMinimum: - format: int32 - type: integer - healthcheck: - properties: - enabled: - type: boolean - type: object - port: - format: int32 - type: integer - servingCerts: - properties: - caCrt: - type: string - generate: - type: boolean - serverCrt: - type: string - serverKey: - type: string - required: - - generate - type: object - useKubeapiserverFqdnForAks: - type: boolean - versionPriority: - format: int32 - type: integer - webhook: - properties: - failurePolicy: - type: string - required: - - failurePolicy - type: object - required: - - ca - - enableMutatingWebhook - - enableValidatingWebhook - - groupPriorityMinimum - - healthcheck - - port - - servingCerts - - useKubeapiserverFqdnForAks - - versionPriority - - webhook - type: object - criticalAddon: - type: boolean - defaultSeccompProfileType: - type: string - featureGates: - additionalProperties: - type: boolean - type: object - fullnameOverride: - type: string - hostNetwork: - type: boolean - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - logLevel: - format: int32 - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - server: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array -required: -- apiserver -- featureGates -- hostNetwork -- imagePullPolicy -- monitoring -- registryFQDN -- replicaCount -- server -- serviceAccount -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/README.md deleted file mode 100644 index 79c4653..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/README.md +++ /dev/null @@ -1,105 +0,0 @@ -# Petset Operator - -[Petset Operator by AppsCode](https://github.com/kubeops/petset) - Petset Operator by AppsCode - -## TL;DR; - -```bash -$ helm repo add appscode https://charts.appscode.com/stable/ -$ helm repo update -$ helm search repo appscode/petset --version=v2024.9.30 -$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2024.9.30 -``` - -## Introduction - -This chart deploys Petset operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.21+ - -## Installing the Chart - -To install/upgrade the chart with the release name `petset`: - -```bash -$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2024.9.30 -``` - -The command deploys Petset operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall the `petset`: - -```bash -$ helm uninstall petset -n kubeops -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the `petset` chart and their default values. - -| Parameter | Description | Default | -|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| nameOverride | Overrides name template | "" | -| fullnameOverride | Overrides fullname template | "" | -| replicaCount | Number of stash operator replicas to create (only 1 is supported) | 1 | -| registryFQDN | Docker registry fqdn used to pull Stash related images. Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | -| operator.registry | Docker registry used to pull operator image | appscode | -| operator.repository | Name of operator container image | petset | -| operator.tag | Operator container image tag | "" | -| operator.resources | Compute Resources required by the operator container | {"requests":{"cpu":"100m"}} | -| operator.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | -| rbacproxy.registry | Docker registry used to pull operator image | appscode | -| rbacproxy.repository | Name of operator container image | kube-rbac-proxy | -| rbacproxy.tag | Operator container image tag | v0.15.0 | -| rbacproxy.resources | Compute Resources required by the operator container | {"requests":{"cpu":"100m"}} | -| rbacproxy.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | -| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/stash \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | -| imagePullPolicy | Container image pull policy | IfNotPresent | -| criticalAddon | If true, installs Stash operator as critical addon | false | -| logLevel | Log level for operator | 3 | -| annotations | Annotations applied to operator deployment | {} | -| podAnnotations | Annotations passed to operator pod(s). | {} | -| podLabels | Labels passed to operator pod(s) | {} | -| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | -| tolerations | Tolerations for pod assignment | [] | -| affinity | Affinity rules for pod assignment | {} | -| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} | -| serviceAccount.create | Specifies whether a service account should be created | true | -| serviceAccount.annotations | Annotations to add to the service account | {} | -| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | -| apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000 | -| apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 | -| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Kubernetes workloads | true | -| apiserver.enableValidatingWebhook | If true, validating webhook is configured for Stash CRDss | true | -| apiserver.bypassValidatingWebhookXray | If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. | false | -| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | -| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | -| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | -| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | -| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | -| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | -| monitoring.agent | Name of monitoring agent (either "prometheus.io/operator" or "prometheus.io/builtin") | "none" | -| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {} | -| networkPolicy.enabled | | false | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: - -```bash -$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2024.9.30 --set replicaCount=1 -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```bash -$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2024.9.30 --values values.yaml -``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/operator.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/operator.yaml deleted file mode 100644 index 81becf8..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/operator.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }} -{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }} -{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}} - -{{- $nodeSelector := .Values.nodeSelector }} -{{- if .Values.global }} - {{ $nodeSelector = default .Values.nodeSelector .Values.global.nodeSelector }} -{{- end }} - -{{- $tolerations := .Values.tolerations }} -{{- if .Values.global }} - {{ $tolerations = default .Values.tolerations .Values.global.tolerations }} -{{- end }} - -{{- $affinity := .Values.affinity }} -{{- if .Values.global }} - {{ $affinity = default .Values.affinity .Values.global.affinity }} -{{- end }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "petset.fullname" . }}-operator - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: operator - {{- include "petset.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/component: operator - {{- include "petset.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - app.kubernetes.io/component: operator - {{- include "petset.selectorLabels" . | nindent 8 }} - annotations: - {{- if $criticalAddon }} - scheduler.alpha.kubernetes.io/critical-pod: '' - {{- end }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- include "appscode.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "petset.serviceAccountName" . }} - containers: - - name: operator - image: "{{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - securityContext: - {{- toYaml .Values.operator.securityContext | nindent 10 }} - args: - - operator - resources: - {{- toYaml .Values.operator.resources | nindent 10 }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if or $tolerations $criticalAddon }} - tolerations: - {{- with $tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if $criticalAddon }} - - key: CriticalAddonsOnly - operator: Exists - {{- end -}} - {{- end -}} - {{- with $affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if $criticalAddon }} - priorityClassName: system-cluster-critical - {{- end -}} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/auth_proxy.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/auth_proxy.yaml deleted file mode 100644 index d95e4c4..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/auth_proxy.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "petset.fullname" . }}-auth-proxy -rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "petset.fullname" . }}-auth-proxy -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "petset.fullname" . }}-auth-proxy -subjects: - - kind: ServiceAccount - name: {{ include "petset.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/cluster_role_binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/cluster_role_binding.yaml deleted file mode 100644 index 1e4520a..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/cluster_role_binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "petset.fullname" . }} - labels: - {{- include "petset.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "petset.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "petset.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/monitoring/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/monitoring/service.yaml deleted file mode 100644 index efb61c0..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/monitoring/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "petset.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "petset.labels" . | nindent 4 }} - {{- if eq .Values.monitoring.agent "prometheus.io/builtin" }} - annotations: - prometheus.io/scrape: "true" - {{- if .Values.monitoring.operator }} - prometheus.io/operator_path: "/metrics" - prometheus.io/operator_port: "8443" - prometheus.io/operator_scheme: "https" - {{- end }} - {{- end }} -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: webhook-server - {{- include "petset.selectorLabels" . | nindent 4 }} -{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/webhook_service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/webhook_service.yaml deleted file mode 100644 index 43e4f0d..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/webhook_service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "petset.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "petset.labels" . | nindent 4 }} -spec: - selector: - app.kubernetes.io/component: webhook-server - {{- include "petset.selectorLabels" . | nindent 4 }} - ports: - - port: 443 - protocol: TCP - targetPort: 9443 -{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/values.openapiv3_schema.yaml deleted file mode 100644 index 4ce5d94..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1709 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - bypassValidatingWebhookXray: - type: boolean - enableMutatingWebhook: - type: boolean - enableValidatingWebhook: - type: boolean - groupPriorityMinimum: - type: integer - healthcheck: - properties: - enabled: - type: boolean - type: object - servingCerts: - properties: - caCrt: - type: string - generate: - type: boolean - serverCrt: - type: string - serverKey: - type: string - required: - - generate - type: object - useKubeapiserverFqdnForAks: - type: boolean - versionPriority: - type: integer - required: - - bypassValidatingWebhookXray - - enableMutatingWebhook - - enableValidatingWebhook - - groupPriorityMinimum - - healthcheck - - servingCerts - - useKubeapiserverFqdnForAks - - versionPriority - type: object - criticalAddon: - type: boolean - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - logLevel: - format: int32 - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - networkPolicy: - properties: - enabled: - type: boolean - required: - - enabled - type: object - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podLabels: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - rbacproxy: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array -required: -- imagePullPolicy -- monitoring -- operator -- rbacproxy -- registryFQDN -- replicaCount -- serviceAccount -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/README.md deleted file mode 100644 index 54075ec..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/README.md +++ /dev/null @@ -1,85 +0,0 @@ -# Sidekick - -[Sidekick by AppsCode](https://github.com/kubeops/sidekick) - Sidekick for Kubernetes - -## TL;DR; - -```bash -$ helm repo add appscode https://charts.appscode.com/stable/ -$ helm repo update -$ helm search repo appscode/sidekick --version=v2024.11.8 -$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2024.11.8 -``` - -## Introduction - -This chart deploys an Sidekick on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.21+ - -## Installing the Chart - -To install/upgrade the chart with the release name `sidekick`: - -```bash -$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2024.11.8 -``` - -The command deploys an Sidekick on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall the `sidekick`: - -```bash -$ helm uninstall sidekick -n kubeops -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the `sidekick` chart and their default values. - -| Parameter | Description | Default | -|----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| nameOverride | Overrides name template | "" | -| fullnameOverride | Overrides fullname template | "" | -| replicaCount | | 1 | -| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | -| image.registry | Docker registry used to pull operator image | appscode | -| image.repository | Name of operator container image | sidekick | -| image.tag | Overrides the image tag whose default is the chart appVersion. | "" | -| image.resources | Compute Resources required by the operator container | {} | -| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | -| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/stash \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | -| imagePullPolicy | Container image pull policy | Always | -| serviceAccount.create | Specifies whether a service account should be created | true | -| serviceAccount.annotations | Annotations to add to the service account | {} | -| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | -| podAnnotations | | {} | -| podSecurityContext | | {} | -| nodeSelector | | {} | -| tolerations | | [] | -| affinity | | {} | -| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | "" | -| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {} | -| networkPolicy.enabled | | false | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: - -```bash -$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2024.11.8 --set replicaCount=1 -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```bash -$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2024.11.8 --values values.yaml -``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/cluster-role-binding.yaml deleted file mode 100644 index 4bf3d51..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/cluster-role-binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "sidekick.fullname" . }} - labels: - {{- include "sidekick.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "sidekick.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "sidekick.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/cluster-role.yaml deleted file mode 100644 index 1ea80e5..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/cluster-role.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "sidekick.fullname" . }} - labels: - {{- include "sidekick.labels" . | nindent 4 }} -rules: -- apiGroups: - - apps.k8s.appscode.com - resources: ["*"] - verbs: ["*"] -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["*"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list","watch"] -- apiGroups: [""] - resources: ["pods"] - verbs: ["*"] diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/deployment.yaml deleted file mode 100644 index 18499eb..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/deployment.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- $nodeSelector := .Values.nodeSelector }} -{{- if .Values.global }} - {{ $nodeSelector = default .Values.nodeSelector .Values.global.nodeSelector }} -{{- end }} - -{{- $tolerations := .Values.tolerations }} -{{- if .Values.global }} - {{ $tolerations = default .Values.tolerations .Values.global.tolerations }} -{{- end }} - -{{- $affinity := .Values.affinity }} -{{- if .Values.global }} - {{ $affinity = default .Values.affinity .Values.global.affinity }} -{{- end }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "sidekick.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "sidekick.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "sidekick.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "sidekick.selectorLabels" . | nindent 8 }} - spec: - {{- include "appscode.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "sidekick.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.image.securityContext | nindent 12 }} - image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - run - ports: - - name: metrics - containerPort: 8080 - protocol: TCP - - name: http - containerPort: 8081 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: http - readinessProbe: - httpGet: - path: /readyz - port: http - resources: - {{- toYaml .Values.image.resources | nindent 12 }} - {{- with $nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/values.openapiv3_schema.yaml deleted file mode 100644 index 4be3bc8..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1425 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - fullnameOverride: - type: string - image: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - networkPolicy: - properties: - enabled: - type: boolean - required: - - enabled - type: object - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array -required: -- image -- imagePullPolicy -- monitoring -- registryFQDN -- replicaCount -- serviceAccount -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/README.md deleted file mode 100644 index bbac6a4..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/README.md +++ /dev/null @@ -1,102 +0,0 @@ -# Supervisor - -[Supervisor by AppsCode](https://github.com/kubeops/supervisor) - Supervisor for Kubernetes - -## TL;DR; - -```bash -$ helm repo add appscode https://charts.appscode.com/stable/ -$ helm repo update -$ helm search repo appscode/supervisor --version=v2024.11.8 -$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2024.11.8 -``` - -## Introduction - -This chart deploys a Supervisor on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.21+ - -## Installing the Chart - -To install/upgrade the chart with the release name `supervisor`: - -```bash -$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2024.11.8 -``` - -The command deploys a Supervisor on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall the `supervisor`: - -```bash -$ helm uninstall supervisor -n kubeops -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the `supervisor` chart and their default values. - -| Parameter | Description | Default | -|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| nameOverride | Overrides name template | "" | -| fullnameOverride | Overrides fullname template | "" | -| replicaCount | Number of Supervisor replicas to create (only 1 is supported) | 1 | -| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | -| maxConcurrentReconcile | Maximum number of Recommendation object that will be reconciled concurrently | 5 | -| requeueAfterDuration | Duration after the Recommendation object will be requeue when it is waiting for MaintenanceWindow. The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration | 1m | -| retryAfterDuration | Duration after the failure events will be requeue again. The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration | 1m | -| beforeDeadlineDuration | When there is less time than `beforeDeadlineDuration` before deadline, Recommendations are free to execute regardless of Parallelism. The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration | 24h | -| image.registry | Docker registry used to pull operator image | appscode | -| image.repository | Name of operator container image | supervisor | -| image.tag | Operator container image tag | "" | -| image.resources | Compute Resources required by the operator container | {} | -| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | -| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/supervisor \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | -| imagePullPolicy | Container image pull policy | IfNotPresent | -| criticalAddon | If true, installs Supervisor as critical addon | false | -| logLevel | Log level for operator | 3 | -| annotations | Annotations applied to operator deployment | {} | -| podAnnotations | Annotations passed to operator pod(s). | {} | -| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | -| tolerations | Tolerations for pod assignment | [] | -| affinity | Affinity rules for pod assignment | {} | -| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} | -| serviceAccount.create | Specifies whether a service account should be created | true | -| serviceAccount.annotations | Annotations to add to the service account | {} | -| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | -| apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000 | -| apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 | -| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Supervisor CRDs | true | -| apiserver.enableValidatingWebhook | If true, validating webhook is configured for Supervisor CRDs | true | -| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | -| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | -| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. See also: [example terraform](https://github.com/searchlight/installer/blob/master/charts/supervisor/example-terraform.tf) | true | -| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | -| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | -| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | -| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | "" | -| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {} | -| networkPolicy.enabled | | false | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: - -```bash -$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2024.11.8 --set replicaCount=1 -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```bash -$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2024.11.8 --values values.yaml -``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/apiregistration.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/apiregistration.yaml deleted file mode 100644 index fb9cbf7..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/apiregistration.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- $caCrt := "" }} -{{- $serverCrt := "" }} -{{- $serverKey := "" }} -{{- if .Values.apiserver.servingCerts.generate }} -{{- $ca := genCA "ca" 3650 }} -{{- $cn := include "supervisor.fullname" . -}} -{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} -{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} -{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} -{{- $caCrt = b64enc $ca.Cert }} -{{- $serverCrt = b64enc $server.Cert }} -{{- $serverKey = b64enc $server.Key }} -{{- else }} -{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }} -{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} -{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} -{{- end }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "supervisor.fullname" . }}-apiserver-cert - namespace: {{ .Release.Namespace }} - labels: - {{- include "supervisor.labels" . | nindent 4 }} -type: kubernetes.io/tls -data: - ca.crt: {{ $caCrt }} - tls.crt: {{ $serverCrt }} - tls.key: {{ $serverKey }} ---- -# register as aggregated apiserver -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.supervisor.appscode.com - labels: - {{- include "supervisor.labels" . | nindent 4 }} -spec: - group: mutators.supervisor.appscode.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "supervisor.fullname" . }} - caBundle: {{ $caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -# register as aggregated apiserver -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.supervisor.appscode.com - labels: - {{- include "supervisor.labels" . | nindent 4 }} -spec: - group: validators.supervisor.appscode.com - version: v1alpha1 - service: - namespace: {{ .Release.Namespace }} - name: {{ include "supervisor.fullname" . }} - caBundle: {{ $caCrt }} - groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} - versionPriority: {{ .Values.apiserver.versionPriority }} ---- -# to read the config for terminating authentication -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "supervisor.fullname" . }}-apiserver-extension-server-authentication-reader - namespace: kube-system - labels: - {{- include "supervisor.labels" . | nindent 4 }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: {{ include "supervisor.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -# to delegate authentication and authorization -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "supervisor.fullname" . }}-apiserver-auth-delegator - labels: - {{- include "supervisor.labels" . | nindent 4 }} -roleRef: - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: {{ include "supervisor.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/cluster-role-binding.yaml deleted file mode 100644 index c8bad2d..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/cluster-role-binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "supervisor.fullname" . }} - labels: - {{- include "supervisor.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "supervisor.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "supervisor.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/mutating-webhook.yaml deleted file mode 100644 index d8b5ce0..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/mutating-webhook.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.apiserver.enableMutatingWebhook }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: mutators.supervisor.appscode.com - labels: - {{- include "supervisor.labels" . | nindent 4 }} -webhooks: - - name: recommendations.mutators.supervisor.appscode.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.supervisor.appscode.com/v1alpha1/recommendationwebhooks - caBundle: {{ $caCrt }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - supervisor.appscode.com - apiVersions: - - "*" - resources: - - recommendations - admissionReviewVersions: ["v1beta1"] - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/validating-webhook.yaml deleted file mode 100644 index 295be38..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/validating-webhook.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.apiserver.enableValidatingWebhook }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validators.supervisor.appscode.com - labels: - {{- include "supervisor.labels" . | nindent 4 }} -webhooks: - - name: maintenancewindows.validators.supervisor.appscode.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.supervisor.appscode.com/v1alpha1/maintenancewindowwebhooks - caBundle: {{ $caCrt }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - supervisor.appscode.com - apiVersions: - - "*" - resources: - - maintenancewindows - admissionReviewVersions: ["v1beta1"] - failurePolicy: Fail - sideEffects: None - - - name: clustermaintenancewindows.validators.supervisor.appscode.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.supervisor.appscode.com/v1alpha1/clustermaintenancewindowwebhooks - caBundle: {{ $caCrt }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - supervisor.appscode.com - apiVersions: - - "*" - resources: - - clustermaintenancewindows - admissionReviewVersions: ["v1beta1"] - failurePolicy: Fail - sideEffects: None - - - name: recommendations.validators.supervisor.appscode.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.supervisor.appscode.com/v1alpha1/recommendationwebhooks - caBundle: {{ $caCrt }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - supervisor.appscode.com - apiVersions: - - "*" - resources: - - recommendations - admissionReviewVersions: ["v1beta1"] - failurePolicy: Fail - sideEffects: None -{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/values.openapiv3_schema.yaml deleted file mode 100644 index 831b87c..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/values.openapiv3_schema.yaml +++ /dev/null @@ -1,1487 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - enableMutatingWebhook: - type: boolean - enableValidatingWebhook: - type: boolean - groupPriorityMinimum: - type: integer - healthcheck: - properties: - enabled: - type: boolean - type: object - servingCerts: - properties: - caCrt: - type: string - generate: - type: boolean - serverCrt: - type: string - serverKey: - type: string - required: - - generate - type: object - useKubeapiserverFqdnForAks: - type: boolean - versionPriority: - type: integer - required: - - enableMutatingWebhook - - enableValidatingWebhook - - groupPriorityMinimum - - healthcheck - - servingCerts - - useKubeapiserverFqdnForAks - - versionPriority - type: object - beforeDeadlineDuration: - type: string - criticalAddon: - type: boolean - fullnameOverride: - type: string - image: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - logLevel: - format: int32 - type: integer - maxConcurrentReconcile: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - networkPolicy: - properties: - enabled: - type: boolean - required: - - enabled - type: object - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - requeueAfterDuration: - type: string - retryAfterDuration: - type: string - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array -required: -- apiserver -- beforeDeadlineDuration -- image -- imagePullPolicy -- maxConcurrentReconcile -- monitoring -- registryFQDN -- replicaCount -- requeueAfterDuration -- retryAfterDuration -- serviceAccount -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/values.openapiv3_schema.yaml deleted file mode 100644 index f456640..0000000 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/values.openapiv3_schema.yaml +++ /dev/null @@ -1,11123 +0,0 @@ -properties: - ace-user-roles: - properties: - enableClusterRoles: - properties: - ace: - type: boolean - appcatalog: - type: boolean - catalog: - type: boolean - cert-manager: - type: boolean - kubedb: - type: boolean - kubedb-ui: - type: boolean - kubestash: - type: boolean - kubevault: - type: boolean - license-proxyserver: - type: boolean - metrics: - type: boolean - prometheus: - type: boolean - stash: - type: boolean - required: - - ace - - appcatalog - - catalog - - cert-manager - - kubedb - - kubedb-ui - - kubestash - - kubevault - - license-proxyserver - - metrics - - prometheus - - stash - type: object - enabled: - type: boolean - required: - - enabled - type: object - global: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - featureGates: - additionalProperties: - type: boolean - type: object - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you - locate the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - insecureRegistries: - items: - type: string - type: array - license: - type: string - licenseSecretName: - type: string - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - networkPolicy: - properties: - enabled: - type: boolean - required: - - enabled - type: object - nodeSelector: - additionalProperties: - type: string - type: object - registry: - type: string - registryFQDN: - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - waitForWebhook: - type: boolean - required: - - featureGates - - insecureRegistries - - license - - licenseSecretName - - monitoring - - registry - - registryFQDN - - waitForWebhook - type: object - kubedb-autoscaler: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - enabled: - type: boolean - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you - locate the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and\ - \ requires enabling the DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for - default values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be\ - \ the FSGroup 2. The setgid bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ - \ \n If unset, the Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be set when spec.os.name\ - \ is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership - and permission of the volume before being exposed inside Pod. This field - will only apply to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that this field - cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each - container, in addition to the container's primary GID, the fsGroup (if - specified), and group memberships defined in the container image for - the uid of the container process. If unspecified, no additional groups - are added to any container. Note that group memberships defined in the - container image for the uid of the container process are still effective, - even if they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. - Pods with unsupported sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - recommender: - properties: - cpuHistogramDecayHalfLife: - type: string - memoryAggregationInterval: - type: string - memoryAggregationIntervalCount: - format: int64 - type: integer - memoryHistogramDecayHalfLife: - type: string - required: - - cpuHistogramDecayHalfLife - - memoryAggregationInterval - - memoryAggregationIntervalCount - - memoryHistogramDecayHalfLife - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - storageAutoscaler: - properties: - prometheus: - properties: - address: - type: string - bearerToken: - type: string - caCert: - type: string - required: - - address - type: object - required: - - prometheus - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - updateInterval: - type: string - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object - required: - - apiserver - - enabled - - imagePullPolicy - - monitoring - - operator - - registryFQDN - - replicaCount - - serviceAccount - - waitfor - type: object - kubedb-catalog: - properties: - customVersions: - additionalProperties: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - enableVersions: - additionalProperties: - items: - type: string - type: array - type: object - enabled: - type: boolean - featureGates: - additionalProperties: - type: boolean - type: object - fullnameOverride: - type: string - nameOverride: - type: string - proxies: - properties: - appscode: - description: r.appscode.com - type: string - dockerHub: - description: company/bin:1.23 - type: string - dockerLibrary: - description: alpine, nginx etc. - type: string - ghcr: - description: ghcr.io - type: string - kubernetes: - description: registry.k8s.io - type: string - microsoft: - description: mcr.microsoft.com - type: string - quay: - description: quay.io - type: string - type: object - psp: - properties: - elasticsearch: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - enabled: - type: boolean - kafka: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - mariadb: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - memcached: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - mongodb: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - mysql: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - perconaxtradb: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - postgres: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - proxysql: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - redis: - properties: - allowPrivilegeEscalation: - type: boolean - privileged: - type: boolean - required: - - allowPrivilegeEscalation - - privileged - type: object - required: - - enabled - type: object - skipDeprecated: - type: boolean - required: - - customVersions - - enableVersions - - enabled - - featureGates - - psp - - skipDeprecated - type: object - kubedb-crd-manager: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - enabled: - type: boolean - featureGates: - additionalProperties: - type: boolean - type: object - fullnameOverride: - type: string - image: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for - default values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be\ - \ the FSGroup 2. The setgid bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ - \ \n If unset, the Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be set when spec.os.name\ - \ is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership - and permission of the volume before being exposed inside Pod. This field - will only apply to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that this field - cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each - container, in addition to the container's primary GID, the fsGroup (if - specified), and group memberships defined in the container image for - the uid of the container process. If unspecified, no additional groups - are added to any container. Note that group memberships defined in the - container image for the uid of the container process are still effective, - even if they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. - Pods with unsupported sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - registryFQDN: - type: string - removeUnusedCRDs: - type: boolean - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: SecurityContext holds security configuration that will be applied - to a container. Some fields are present in both SecurityContext and PodSecurityContext. When - both are set, the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - ttlSecondsAfterFinished: - type: integer - required: - - enabled - - featureGates - - image - - imagePullPolicy - - removeUnusedCRDs - - serviceAccount - - ttlSecondsAfterFinished - type: object - kubedb-kubestash-catalog: - properties: - druid: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - elasticsearch: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - enabled: - type: boolean - featureGates: - additionalProperties: - type: boolean - type: object - kubedbmanifest: - properties: - enabled: - type: boolean - required: - - enabled - type: object - kubedbverifier: - properties: - enabled: - type: boolean - required: - - enabled - type: object - mariadb: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - mongodb: - description: KubestashMongodbSpec is the schema for KubeStash MongoDB values - file - properties: - backup: - properties: - args: - type: string - type: object - maxConcurrency: - format: int32 - type: integer - restore: - properties: - args: - type: string - type: object - required: - - backup - - maxConcurrency - - restore - type: object - mssqlserver: - description: KubestashMongodbSpec is the schema for KubeStash MongoDB values - file - properties: - backup: - properties: - args: - type: string - type: object - maxConcurrency: - format: int32 - type: integer - restore: - properties: - args: - type: string - type: object - required: - - backup - - maxConcurrency - - restore - type: object - mysql: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - opensearch: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - postgres: - description: KubestashPostgresSpec is the schema for KubeStash Postgres values - file - properties: - backup: - properties: - args: - type: string - cmd: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - proxies: - properties: - appscode: - description: r.appscode.com - type: string - dockerHub: - description: company/bin:1.23 - type: string - dockerLibrary: - description: alpine, nginx etc. - type: string - ghcr: - description: ghcr.io - type: string - kubernetes: - description: registry.k8s.io - type: string - microsoft: - description: mcr.microsoft.com - type: string - quay: - description: quay.io - type: string - type: object - redis: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - singlestore: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - waitTimeout: - format: int64 - type: integer - zookeeper: - description: KubestashDatabaseSpec is the schema for DB values file - properties: - backup: - properties: - args: - type: string - type: object - restore: - properties: - args: - type: string - type: object - required: - - backup - - restore - type: object - required: - - druid - - elasticsearch - - enabled - - featureGates - - kubedbmanifest - - kubedbverifier - - mariadb - - mongodb - - mssqlserver - - mysql - - opensearch - - postgres - - redis - - singlestore - - waitTimeout - - zookeeper - type: object - kubedb-metrics: - properties: - enabled: - type: boolean - required: - - enabled - type: object - kubedb-ops-manager: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - enabled: - type: boolean - env: - description: List of environment variables to set in the container. Cannot - be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the - previously defined environment variables in the container and any - service environment variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be - used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to - be empty. Instances of this type with an empty value here - are almost certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to - be empty. Instances of this type with an empty value here - are almost certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key - exists in multiple sources, the value associated with the last source will - take precedence. Values defined by an Env with a duplicate key will take - precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you - locate the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - insecureRegistries: - items: - type: string - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and\ - \ requires enabling the DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for - default values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be\ - \ the FSGroup 2. The setgid bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ - \ \n If unset, the Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be set when spec.os.name\ - \ is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership - and permission of the volume before being exposed inside Pod. This field - will only apply to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that this field - cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each - container, in addition to the container's primary GID, the fsGroup (if - specified), and group memberships defined in the container image for - the uid of the container process. If unspecified, no additional groups - are added to any container. Note that group memberships defined in the - container image for the uid of the container process are still effective, - even if they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. - Pods with unsupported sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - psp: - properties: - enabled: - type: boolean - required: - - enabled - type: object - recommendationEngine: - properties: - genRotateTLSRecommendationBeforeExpiryDay: - type: integer - genRotateTLSRecommendationBeforeExpiryMonth: - type: integer - genRotateTLSRecommendationBeforeExpiryYear: - type: integer - recommendationResyncPeriod: - type: string - required: - - genRotateTLSRecommendationBeforeExpiryDay - - genRotateTLSRecommendationBeforeExpiryMonth - - genRotateTLSRecommendationBeforeExpiryYear - - recommendationResyncPeriod - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object - required: - - apiserver - - enabled - - imagePullPolicy - - insecureRegistries - - monitoring - - operator - - psp - - registryFQDN - - replicaCount - - serviceAccount - - waitfor - type: object - kubedb-provisioner: - properties: - additionalPodSecurityPolicies: - items: - type: string - type: array - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - enabled: - type: boolean - enforceTerminationPolicy: - type: boolean - env: - description: List of environment variables to set in the container. Cannot - be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the - previously defined environment variables in the container and any - service environment variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be - used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to - be empty. Instances of this type with an empty value here - are almost certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to - be empty. Instances of this type with an empty value here - are almost certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key - exists in multiple sources, the value associated with the last source will - take precedence. Values defined by an Env with a duplicate key will take - precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you - locate the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - insecureRegistries: - items: - type: string - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and\ - \ requires enabling the DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for - default values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be\ - \ the FSGroup 2. The setgid bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ - \ \n If unset, the Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be set when spec.os.name\ - \ is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership - and permission of the volume before being exposed inside Pod. This field - will only apply to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that this field - cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each - container, in addition to the container's primary GID, the fsGroup (if - specified), and group memberships defined in the container image for - the uid of the container process. If unspecified, no additional groups - are added to any container. Note that group memberships defined in the - container image for the uid of the container process are still effective, - even if they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. - Pods with unsupported sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - psp: - properties: - enabled: - type: boolean - required: - - enabled - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object - required: - - apiserver - - enabled - - imagePullPolicy - - insecureRegistries - - monitoring - - operator - - psp - - registryFQDN - - replicaCount - - serviceAccount - - waitfor - type: object - kubedb-schema-manager: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - healthcheck: - properties: - enabled: - type: boolean - probePort: - type: integer - required: - - probePort - type: object - useKubeapiserverFqdnForAks: - type: boolean - required: - - healthcheck - - useKubeapiserverFqdnForAks - type: object - criticalAddon: - type: boolean - enabled: - type: boolean - enforceTerminationPolicy: - type: boolean - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you - locate the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - license: - type: string - licenseSecretName: - type: string - logLevel: - format: int32 - type: integer - maxConcurrentReconciles: - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - bindPort: - type: integer - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - bindPort - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and\ - \ requires enabling the DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for - default values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be\ - \ the FSGroup 2. The setgid bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ - \ \n If unset, the Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be set when spec.os.name\ - \ is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership - and permission of the volume before being exposed inside Pod. This field - will only apply to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that this field - cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each - container, in addition to the container's primary GID, the fsGroup (if - specified), and group memberships defined in the container image for - the uid of the container process. If unspecified, no additional groups - are added to any container. Note that group memberships defined in the - container image for the uid of the container process are still effective, - even if they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. - Pods with unsupported sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - waitfor: - properties: - registry: - type: string - repository: - type: string - tag: - type: string - required: - - registry - - repository - - tag - type: object - required: - - apiserver - - enabled - - imagePullPolicy - - monitoring - - operator - - registryFQDN - - replicaCount - - serviceAccount - - waitfor - type: object - kubedb-webhook-server: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - ca: - type: string - enableMutatingWebhook: - type: boolean - enableValidatingWebhook: - type: boolean - groupPriorityMinimum: - format: int32 - type: integer - healthcheck: - properties: - enabled: - type: boolean - type: object - port: - format: int32 - type: integer - servingCerts: - properties: - caCrt: - type: string - generate: - type: boolean - serverCrt: - type: string - serverKey: - type: string - required: - - generate - type: object - useKubeapiserverFqdnForAks: - type: boolean - versionPriority: - format: int32 - type: integer - webhook: - properties: - failurePolicy: - type: string - required: - - failurePolicy - type: object - required: - - ca - - enableMutatingWebhook - - enableValidatingWebhook - - groupPriorityMinimum - - healthcheck - - port - - servingCerts - - useKubeapiserverFqdnForAks - - versionPriority - - webhook - type: object - criticalAddon: - type: boolean - defaultSeccompProfileType: - type: string - enabled: - type: boolean - featureGates: - additionalProperties: - type: boolean - type: object - fullnameOverride: - type: string - hostNetwork: - type: boolean - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - logLevel: - format: int32 - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for - default values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be\ - \ the FSGroup 2. The setgid bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ - \ \n If unset, the Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be set when spec.os.name\ - \ is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership - and permission of the volume before being exposed inside Pod. This field - will only apply to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that this field - cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each - container, in addition to the container's primary GID, the fsGroup (if - specified), and group memberships defined in the container image for - the uid of the container process. If unspecified, no additional groups - are added to any container. Note that group memberships defined in the - container image for the uid of the container process are still effective, - even if they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. - Pods with unsupported sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - server: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and\ - \ requires enabling the DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - required: - - apiserver - - enabled - - featureGates - - hostNetwork - - imagePullPolicy - - monitoring - - registryFQDN - - replicaCount - - server - - serviceAccount - type: object - petset: - properties: - enabled: - type: boolean - required: - - enabled - type: object - sidekick: - properties: - enabled: - type: boolean - required: - - enabled - type: object - supervisor: - properties: - enabled: - type: boolean - required: - - enabled - type: object -required: -- global -type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/Chart.lock b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/Chart.lock similarity index 61% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/Chart.lock rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/Chart.lock index 92fde40..d8bd84b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/Chart.lock +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/Chart.lock @@ -1,42 +1,48 @@ dependencies: - name: petset repository: oci://ghcr.io/appscode-charts - version: v2024.9.30 + version: v2025.3.14 +- name: operator-shard-manager + repository: oci://ghcr.io/appscode-charts + version: v2025.3.14 - name: sidekick repository: oci://ghcr.io/appscode-charts - version: v2024.11.8 + version: v2025.3.14 - name: supervisor repository: oci://ghcr.io/appscode-charts - version: v2024.11.8 + version: v2025.3.14 - name: kubedb-crd-manager repository: file://../kubedb-crd-manager - version: v0.7.0 + version: v0.8.0 - name: kubedb-provisioner repository: file://../kubedb-provisioner - version: v0.52.0 + version: v0.53.0 - name: kubedb-ops-manager repository: file://../kubedb-ops-manager - version: v0.39.0 + version: v0.40.0 - name: kubedb-autoscaler repository: file://../kubedb-autoscaler - version: v0.37.0 + version: v0.38.0 - name: kubedb-schema-manager repository: file://../kubedb-schema-manager - version: v0.28.0 + version: v0.29.0 - name: kubedb-webhook-server repository: file://../kubedb-webhook-server - version: v0.28.0 + version: v0.29.0 - name: kubedb-metrics repository: file://../kubedb-metrics - version: v2025.2.19 + version: v2025.3.24 - name: kubedb-catalog repository: file://../kubedb-catalog - version: v2025.2.19 + version: v2025.3.24 - name: kubedb-kubestash-catalog repository: file://../kubedb-kubestash-catalog - version: v2025.2.19 + version: v2025.3.24 +- name: kubedb-gitops + repository: file://../kubedb-gitops + version: v0.1.0 - name: ace-user-roles repository: oci://ghcr.io/appscode-charts - version: v2024.9.30 -digest: sha256:09a9a09887c192bc48b52aed2e63ae5eb4d167091329bc368b2ea47bc56c12c5 -generated: "2025-02-19T00:24:36.259659874Z" + version: v2025.3.14 +digest: sha256:e33a12fa903d5f8ea95f5e70d95dd7875d557f6c478c7471c864faf24edbf8fe +generated: "2025-03-25T00:09:49.00782184Z" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/Chart.yaml similarity index 75% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/Chart.yaml index 3d5e862..9c38f36 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/Chart.yaml @@ -1,58 +1,66 @@ apiVersion: v2 -appVersion: v2025.2.19 +appVersion: v2025.3.24 dependencies: - condition: petset.enabled name: petset repository: oci://ghcr.io/appscode-charts - version: v2024.9.30 + version: v2025.3.14 +- condition: operator-shard-manager.enabled + name: operator-shard-manager + repository: oci://ghcr.io/appscode-charts + version: v2025.3.14 - condition: sidekick.enabled name: sidekick repository: oci://ghcr.io/appscode-charts - version: v2024.11.8 + version: v2025.3.14 - condition: supervisor.enabled name: supervisor repository: oci://ghcr.io/appscode-charts - version: v2024.11.8 + version: v2025.3.14 - condition: kubedb-crd-manager.enabled name: kubedb-crd-manager repository: file://../kubedb-crd-manager - version: v0.7.0 + version: v0.8.0 - condition: kubedb-provisioner.enabled name: kubedb-provisioner repository: file://../kubedb-provisioner - version: v0.52.0 + version: v0.53.0 - condition: kubedb-ops-manager.enabled name: kubedb-ops-manager repository: file://../kubedb-ops-manager - version: v0.39.0 + version: v0.40.0 - condition: kubedb-autoscaler.enabled name: kubedb-autoscaler repository: file://../kubedb-autoscaler - version: v0.37.0 + version: v0.38.0 - condition: kubedb-schema-manager.enabled name: kubedb-schema-manager repository: file://../kubedb-schema-manager - version: v0.28.0 + version: v0.29.0 - condition: kubedb-webhook-server.enabled name: kubedb-webhook-server repository: file://../kubedb-webhook-server - version: v0.28.0 + version: v0.29.0 - condition: kubedb-metrics.enabled name: kubedb-metrics repository: file://../kubedb-metrics - version: v2025.2.19 + version: v2025.3.24 - condition: kubedb-catalog.enabled name: kubedb-catalog repository: file://../kubedb-catalog - version: v2025.2.19 + version: v2025.3.24 - condition: kubedb-kubestash-catalog.enabled name: kubedb-kubestash-catalog repository: file://../kubedb-kubestash-catalog - version: v2025.2.19 + version: v2025.3.24 +- condition: kubedb-gitops.enabled + name: kubedb-gitops + repository: file://../kubedb-gitops + version: v0.1.0 - condition: ace-user-roles.enabled name: ace-user-roles repository: oci://ghcr.io/appscode-charts - version: v2024.9.30 + version: v2025.3.14 description: KubeDB by AppsCode - Production ready databases on Kubernetes home: https://kubedb.com icon: https://cdn.appscode.com/images/products/kubedb/kubedb-icon.png @@ -63,4 +71,4 @@ name: kubedb sources: - https://github.com/kubedb type: application -version: v2025.2.19 +version: v2025.3.24 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/README.md similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/README.md index 90e0d1f..3f121b9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb --version=v2025.2.19 -$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.2.19 +$ helm search repo appscode/kubedb --version=v2025.3.24 +$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.3.24 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a KubeDB operator on a [Kubernetes](http://kubernetes.io) clu To install/upgrade the chart with the release name `kubedb`: ```bash -$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.2.19 +$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.3.24 ``` The command deploys a KubeDB operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -83,6 +83,7 @@ The following table lists the configurable parameters of the `kubedb` chart and | global.waitForWebhook | | true | | global.networkPolicy.enabled | | false | | petset.enabled | If enabled, installs the petset chart | true | +| operator-shard-manager.enabled | If enabled, installs the operator-shard-manager chart | false | | sidekick.enabled | If enabled, installs the sidekick chart | true | | supervisor.enabled | If enabled, installs the supervisor chart | false | | kubedb-crd-manager.enabled | If enabled, installs the kubedb-crd-manager chart | true | @@ -94,30 +95,33 @@ The following table lists the configurable parameters of the `kubedb` chart and | kubedb-metrics.enabled | If enabled, installs the kubedb-metrics chart | false | | kubedb-catalog.enabled | If enabled, installs the kubedb-catalog chart | true | | kubedb-kubestash-catalog.enabled | If enabled, installs the kubedb-kubestash-catalog chart | true | +| kubedb-gitops.enabled | If enabled, installs the kubedb-gitops chart | false | | ace-user-roles.enabled | If enabled, installs the ace-user-roles chart | true | | ace-user-roles.enableClusterRoles.ace | | false | | ace-user-roles.enableClusterRoles.appcatalog | | true | | ace-user-roles.enableClusterRoles.catalog | | false | | ace-user-roles.enableClusterRoles.cert-manager | | false | -| ace-user-roles.enableClusterRoles.kubedb | | true | | ace-user-roles.enableClusterRoles.kubedb-ui | | false | +| ace-user-roles.enableClusterRoles.kubedb | | true | | ace-user-roles.enableClusterRoles.kubestash | | false | | ace-user-roles.enableClusterRoles.kubevault | | false | | ace-user-roles.enableClusterRoles.license-proxyserver | | true | | ace-user-roles.enableClusterRoles.metrics | | true | | ace-user-roles.enableClusterRoles.prometheus | | false | +| ace-user-roles.enableClusterRoles.secrets-store | | false | | ace-user-roles.enableClusterRoles.stash | | false | +| ace-user-roles.enableClusterRoles.virtual-secrets | | false | Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.2.19 --set global.registry=kubedb +$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.3.24 --set global.registry=kubedb ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.2.19 --values values.yaml +$ helm upgrade -i kubedb appscode/kubedb -n kubedb --create-namespace --version=v2025.3.24 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/.helmignore diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/Chart.yaml similarity index 87% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/Chart.yaml index ddfc25d..c13d1a4 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2024.9.30 +appVersion: v2025.3.14 description: A Helm chart for ACE user roles icon: https://cdn.appscode.com/images/products/kubeops/icons/android-icon-192x192.png maintainers: @@ -9,4 +9,4 @@ name: ace-user-roles sources: - https://github.com/kubeops/installer type: application -version: v2024.9.30 +version: v2025.3.14 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/README.md similarity index 74% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/README.md index 38f525f..051da4b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/ace-user-roles --version=v2024.9.30 -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 +$ helm search repo appscode/ace-user-roles --version=v2025.3.14 +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys ACE User Roles on a [Kubernetes](http://kubernetes.io) cluste To install/upgrade the chart with the release name `ace-user-roles`: ```bash -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 ``` The command deploys ACE User Roles on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -49,18 +49,20 @@ The following table lists the configurable parameters of the `ace-user-roles` ch |----------------------------------------|-----------------------------|--------------------------------------| | nameOverride | Overrides name template | "" | | fullnameOverride | Overrides fullname template | "" | -| enableClusterRoles.ace | | true | -| enableClusterRoles.appcatalog | | true | -| enableClusterRoles.catalog | | true | -| enableClusterRoles.cert-manager | | true | -| enableClusterRoles.kubedb | | true | -| enableClusterRoles.kubedb-ui | | true | -| enableClusterRoles.kubestash | | true | -| enableClusterRoles.kubevault | | true | -| enableClusterRoles.license-proxyserver | | true | -| enableClusterRoles.metrics | | true | -| enableClusterRoles.prometheus | | true | -| enableClusterRoles.stash | | true | +| enableClusterRoles.ace | | false | +| enableClusterRoles.appcatalog | | false | +| enableClusterRoles.catalog | | false | +| enableClusterRoles.cert-manager | | false | +| enableClusterRoles.kubedb-ui | | false | +| enableClusterRoles.kubedb | | false | +| enableClusterRoles.kubestash | | false | +| enableClusterRoles.kubevault | | false | +| enableClusterRoles.license-proxyserver | | false | +| enableClusterRoles.metrics | | false | +| enableClusterRoles.prometheus | | false | +| enableClusterRoles.secrets-store | | false | +| enableClusterRoles.stash | | false | +| enableClusterRoles.virtual-secrets | | false | | annotations.helm.sh/hook | | pre-install,pre-upgrade | | annotations.helm.sh/hook-delete-policy | | before-hook-creation | @@ -68,12 +70,12 @@ The following table lists the configurable parameters of the `ace-user-roles` ch Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 --set annotations.helm.sh/hook=pre-install,pre-upgrade +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 --set annotations.helm.sh/hook=pre-install,pre-upgrade ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 --values values.yaml +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/NOTES.txt similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/NOTES.txt diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/ace/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/ace/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/ace/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/ace/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/catalog/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/catalog/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/catalog/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/catalog/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/cert-manager/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/cert-manager/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/cert-manager/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/cert-manager/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/autoscaler.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/autoscaler.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/autoscaler.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/autoscaler.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/core.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/core.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/core.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/core.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/gitops.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/gitops.yaml new file mode 100644 index 0000000..c2a3d12 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/gitops.yaml @@ -0,0 +1,54 @@ +{{- if dig "kubedb" false .Values.enableClusterRoles }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubedb:gitops:admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - gitops.kubedb.com + resources: + - "*" + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubedb:gitops:edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - gitops.kubedb.com + resources: + - "*" + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: kubedb:gitops:view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - gitops.kubedb.com + resources: + - "*" + verbs: ["get", "list", "watch"] + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/ops-manager.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/ops-manager.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/ops-manager.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/ops-manager.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/schema-manager.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/schema-manager.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubedb/schema-manager.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubedb/schema-manager.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubestash/user_roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubestash/user_roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubestash/user_roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubestash/user_roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubevault/user_roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubevault/user_roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/kubevault/user_roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/kubevault/user_roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/prometheus/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/prometheus/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/prometheus/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/prometheus/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/secrets-store/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/secrets-store/user-roles.yaml new file mode 100644 index 0000000..7ca5f2a --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/secrets-store/user-roles.yaml @@ -0,0 +1,54 @@ +{{- if dig "secrets-store" false .Values.enableClusterRoles }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:secrets-store:admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - "*" + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:secrets-store:edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - "*" + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appscode:secrets-store:view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - "*" + verbs: ["get", "list", "watch"] + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/stash/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/stash/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/templates/stash/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/stash/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/virtual-secrets/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/virtual-secrets/user-roles.yaml new file mode 100644 index 0000000..3fda31a --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/templates/virtual-secrets/user-roles.yaml @@ -0,0 +1,57 @@ +{{- if dig "virtual-secrets" false .Values.enableClusterRoles }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:virtual-secrets:admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - virtual-secrets.dev + - config.virtual-secrets.dev + resources: + - "*" + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:virtual-secrets:edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - virtual-secrets.dev + - config.virtual-secrets.dev + resources: + - "*" + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appscode:virtual-secrets:view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - virtual-secrets.dev + - config.virtual-secrets.dev + resources: + - "*" + verbs: ["get", "list", "watch"] + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/values.openapiv3_schema.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/values.openapiv3_schema.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/values.openapiv3_schema.yaml index 446c370..4b44617 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/values.openapiv3_schema.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/values.openapiv3_schema.yaml @@ -27,8 +27,12 @@ properties: type: boolean prometheus: type: boolean + secrets-store: + type: boolean stash: type: boolean + virtual-secrets: + type: boolean required: - ace - appcatalog @@ -41,7 +45,9 @@ properties: - license-proxyserver - metrics - prometheus + - secrets-store - stash + - virtual-secrets type: object fullnameOverride: type: string diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/values.yaml similarity index 56% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/values.yaml index 4e98328..8775c00 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/values.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/ace-user-roles/values.yaml @@ -8,18 +8,20 @@ nameOverride: "" fullnameOverride: "" enableClusterRoles: - ace: true - appcatalog: true - catalog: true - cert-manager: true - kubedb: true - kubedb-ui: true - kubestash: true - kubevault: true - license-proxyserver: true - metrics: true - prometheus: true - stash: true + ace: false + appcatalog: false + catalog: false + cert-manager: false + kubedb-ui: false + kubedb: false + kubestash: false + kubevault: false + license-proxyserver: false + metrics: false + prometheus: false + secrets-store: false + stash: false + virtual-secrets: false annotations: "helm.sh/hook": pre-install,pre-upgrade diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/Chart.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/Chart.yaml index 3a6c008..923b119 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.37.0 +appVersion: v0.38.0 description: KubeDB Autoscaler by AppsCode - Autoscale KubeDB operated Databases home: https://kubedb.com icon: https://cdn.appscode.com/images/products/kubedb/kubedb-autoscaler-icon.png @@ -9,4 +9,4 @@ maintainers: name: kubedb-autoscaler sources: - https://github.com/kubedb -version: v0.37.0 +version: v0.38.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/README.md similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/README.md index 034965d..58f28a1 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-autoscaler --version=v0.37.0 -$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.37.0 +$ helm search repo appscode/kubedb-autoscaler --version=v0.38.0 +$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.38.0 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a KubeDB Autoscaler operator on a [Kubernetes](http://kuberne To install/upgrade the chart with the release name `kubedb-autoscaler`: ```bash -$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.37.0 +$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.38.0 ``` The command deploys a KubeDB Autoscaler operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -94,12 +94,12 @@ The following table lists the configurable parameters of the `kubedb-autoscaler` Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.37.0 --set replicaCount=1 +$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.38.0 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.37.0 --values values.yaml +$ helm upgrade -i kubedb-autoscaler appscode/kubedb-autoscaler -n kubedb --create-namespace --version=v0.38.0 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/ci/ci-values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/ci/ci-values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/ci/ci-values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/ci/ci-values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/crds/node.k8s.appscode.com_nodetopologies.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/crds/node.k8s.appscode.com_nodetopologies.yaml similarity index 98% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/crds/node.k8s.appscode.com_nodetopologies.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/crds/node.k8s.appscode.com_nodetopologies.yaml index 01970a3..748b10c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/crds/node.k8s.appscode.com_nodetopologies.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/crds/node.k8s.appscode.com_nodetopologies.yaml @@ -60,6 +60,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/NOTES.txt new file mode 100644 index 0000000..e1b1c16 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that KubeDB AutoScaler has started, run: + + kubectl get statefulset --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-autoscaler.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/license-checker-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/license-checker-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/license-checker-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/license-checker-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/license-reader-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/license-reader-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/license-reader-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/license-reader-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/license.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/license.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/license.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/license.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/service-headless.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/service-headless.yaml new file mode 100644 index 0000000..cc05727 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/service-headless.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubedb-autoscaler.fullname" . }}-headless + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-autoscaler.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: metrics + port: {{ .Values.monitoring.bindPort }} + - name: probes + port: {{ .Values.apiserver.healthcheck.probePort }} + selector: + {{- include "kubedb-autoscaler.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/service.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/service.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/service.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/servicemonitor.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/servicemonitor.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/statefulset.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/deployment.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/statefulset.yaml index def5fb2..aab1c72 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/deployment.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/statefulset.yaml @@ -23,7 +23,7 @@ {{- end }} apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: {{ include "kubedb-autoscaler.fullname" . }} namespace: {{ .Release.Namespace }} @@ -35,6 +35,8 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + podManagementPolicy: Parallel + serviceName: {{ include "kubedb-autoscaler.fullname" . }}-headless selector: matchLabels: {{- include "kubedb-autoscaler.selectorLabels" . | nindent 6 }} @@ -166,9 +168,17 @@ spec: operator: Exists {{- end -}} {{- end -}} - {{- with $affinity }} + {{- if $affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "kubedb-autoscaler.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" {{- end }} {{- with $nodeSelector }} nodeSelector: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/storage-autoscaler-secret.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/storage-autoscaler-secret.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/templates/storage-autoscaler-secret.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/templates/storage-autoscaler-secret.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/values.openapiv3_schema.yaml new file mode 100644 index 0000000..5d607ee --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/values.openapiv3_schema.yaml @@ -0,0 +1,2181 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you locate + the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + recommender: + properties: + cpuHistogramDecayHalfLife: + type: string + memoryAggregationInterval: + type: string + memoryAggregationIntervalCount: + format: int64 + type: integer + memoryHistogramDecayHalfLife: + type: string + required: + - cpuHistogramDecayHalfLife + - memoryAggregationInterval + - memoryAggregationIntervalCount + - memoryHistogramDecayHalfLife + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + storageAutoscaler: + properties: + prometheus: + properties: + address: + type: string + bearerToken: + type: string + caCert: + type: string + required: + - address + type: object + required: + - prometheus + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array + updateInterval: + type: string + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object +required: +- apiserver +- imagePullPolicy +- monitoring +- operator +- registryFQDN +- replicaCount +- serviceAccount +- waitfor +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-autoscaler/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-autoscaler/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/Chart.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/Chart.yaml index 3902be9..71c45ab 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2025.2.19 +appVersion: v2025.3.24 description: KubeDB Catalog by AppsCode - Catalog for database versions home: https://kubedb.com icon: https://cdn.appscode.com/images/icon/kubedb.png @@ -9,4 +9,4 @@ maintainers: name: kubedb-catalog sources: - https://github.com/kubedb -version: v2025.2.19 +version: v2025.3.24 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/README.md similarity index 97% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/README.md index 808f6e3..6245255 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-catalog --version=v2025.2.19 -$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.2.19 +$ helm search repo appscode/kubedb-catalog --version=v2025.3.24 +$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.3.24 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys KubeDB catalog on a [Kubernetes](http://kubernetes.io) cluste To install/upgrade the chart with the release name `kubedb-catalog`: ```bash -$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.2.19 +$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.3.24 ``` The command deploys KubeDB catalog on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -124,12 +124,12 @@ The following table lists the configurable parameters of the `kubedb-catalog` ch Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.2.19 --set proxies.ghcr=ghcr.io +$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.3.24 --set proxies.ghcr=ghcr.io ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.2.19 --values values.yaml +$ helm upgrade -i kubedb-catalog appscode/kubedb-catalog -n kubedb --create-namespace --version=v2025.3.24 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/ci/ci-values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/ci/ci-values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/ci/ci-values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/ci/ci-values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_cassandraversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_cassandraversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_cassandraversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_cassandraversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_clickhouseversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_clickhouseversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_clickhouseversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_clickhouseversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_druidversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_druidversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_druidversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_druidversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_elasticsearchversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_elasticsearchversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_elasticsearchversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_elasticsearchversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_etcdversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_etcdversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_etcdversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_etcdversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_ferretdbversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_ferretdbversions.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_ferretdbversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_ferretdbversions.yaml index f276481..241f53c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_ferretdbversions.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_ferretdbversions.yaml @@ -53,6 +53,13 @@ spec: type: object deprecated: type: boolean + postgres: + properties: + version: + type: string + required: + - version + type: object securityContext: properties: runAsUser: @@ -89,6 +96,7 @@ spec: type: string required: - db + - postgres - version type: object type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaconnectorversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaconnectorversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaconnectorversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaconnectorversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_kafkaversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mariadbversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mariadbversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mariadbversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mariadbversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_memcachedversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_memcachedversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_memcachedversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_memcachedversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mongodbversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mongodbversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mongodbversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mongodbversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mssqlserverversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mssqlserverversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mssqlserverversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mssqlserverversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mysqlversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mysqlversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mysqlversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_mysqlversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_perconaxtradbversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_perconaxtradbversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_perconaxtradbversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_perconaxtradbversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgbouncerversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgbouncerversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgbouncerversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgbouncerversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgpoolversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgpoolversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgpoolversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_pgpoolversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_postgresversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_postgresversions.yaml similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_postgresversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_postgresversions.yaml index 2e8ff74..dc3d63d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_postgresversions.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_postgresversions.yaml @@ -130,6 +130,7 @@ spec: - TimescaleDB - PostGIS - KubeDB + - DocumentDB - PostgreSQL type: string exporter: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_proxysqlversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_proxysqlversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_proxysqlversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_proxysqlversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_rabbitmqversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_rabbitmqversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_rabbitmqversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_rabbitmqversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_redisversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_redisversions.yaml similarity index 97% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_redisversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_redisversions.yaml index 02e95e4..d333b9b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_redisversions.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_redisversions.yaml @@ -60,6 +60,11 @@ spec: type: object deprecated: type: boolean + distribution: + enum: + - Redis + - Valkey + type: string exporter: properties: image: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_schemaregistryversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_schemaregistryversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_schemaregistryversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_schemaregistryversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_singlestoreversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_singlestoreversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_singlestoreversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_singlestoreversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_solrversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_solrversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_solrversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_solrversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_zookeeperversions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_zookeeperversions.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_zookeeperversions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/crds/catalog.kubedb.com_zookeeperversions.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-4.1.6.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-4.1.6.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-4.1.6.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-4.1.6.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-5.0.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-5.0.0.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-5.0.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/cassandra/cassandra-5.0.0.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/clickhouse/clickhouse-24.4.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/clickhouse/clickhouse-24.4.1.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/clickhouse/clickhouse-24.4.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/clickhouse/clickhouse-24.4.1.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/custom.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/custom.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/custom.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/custom.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-25.0.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-25.0.0.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-25.0.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-25.0.0.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-30.0.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-30.0.0.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-30.0.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/deprecated-druid-30.0.0.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/druid-28.0.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/druid-28.0.1.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/druid-28.0.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/druid-28.0.1.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/druid-30.0.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/druid-30.0.1.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/druid-30.0.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/druid-30.0.1.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/druid-31.0.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/druid-31.0.0.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/druid/druid-31.0.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/druid/druid-31.0.0.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.2.2-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.2.2-opensearch.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.2.2-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.2.2-opensearch.yaml index 4a806ce..c15cfac 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.2.2-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.2.2-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.2.2-opensearch-v2021.12.24' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -43,6 +41,8 @@ spec: - name: args value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ version: 1.2.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opensearch-1.2.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.3.2-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.3.2-opensearch.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.3.2-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.3.2-opensearch.yaml index 39a01ab..7380a4a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.3.2-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-1.3.2-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.3.2-opensearch-v2022.05.24' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -43,6 +41,8 @@ spec: - name: args value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ version: 1.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opensearch-1.3.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6-searchguard.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6-searchguard.yaml index ed1a376..557c19b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: "5.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.6" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: "5.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.6-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.16-kubedb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.16-kubedb.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.16-kubedb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.16-kubedb.yaml index 9c16c7e..38a73e0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.16-kubedb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.16-kubedb.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch") $) }}:5.6.16-searchguard-v2022.02.22' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -36,6 +34,8 @@ spec: restoreTask: name: elasticsearch-restore-5.6.4 version: 5.6.16 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "kubedb-searchguard-5.6.16" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.4-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.4-searchguard.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.4-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.4-searchguard.yaml index 62f68ed..fc33599 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.4-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-5.6.4-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 5.6.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.6.4" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 5.6.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.6.4-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2-searchguard.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2-searchguard.yaml index 53efffa..91ac572 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: "6.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: "6.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2.4-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2.4-searchguard.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2.4-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2.4-searchguard.yaml index e2ae51d..f9523d8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2.4-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.2.4-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.2.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2.4" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.2.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2.4-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3-searchguard.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3-searchguard.yaml index 36e5ce4..49f29df 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: "6.3" + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.3" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: "6.3" + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.3-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3.0-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3.0-searchguard.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3.0-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3.0-searchguard.yaml index 45e15c0..86b85e0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3.0-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.3.0-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.3.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.3.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.3.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.3.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4-searchguard.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4-searchguard.yaml index 43c1638..2f86611 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: "6.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.4" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4.0-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4.0-searchguard.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4.0-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4.0-searchguard.yaml index b72d005..8a2337b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4.0-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.4.0-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.4.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.4.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.5.3-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.5.3-searchguard.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.5.3-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.5.3-searchguard.yaml index 9eb4962..0f11589 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.5.3-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.5.3-searchguard.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.5.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.5" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.5.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.5.3" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.0-elasticstack.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.0-elasticstack.yaml index 2eef21c..061e1b2 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.0-elasticstack.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.8" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 6.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.8.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.1-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.1-searchguard.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.1-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.1-searchguard.yaml index 4e1f245..e16067a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.1-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.1-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:6.8.1-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.5.0 version: 6.8.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-6.8.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:6.8.1-searchguard-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: - name: args value: --match=^(?!searchguard)([a-zA-Z0-9_-]+)(?!kubedb-system)$ version: 6.8.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-6.8.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.10-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.10-elasticstack.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.10-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.10-elasticstack.yaml index 456f7d3..5931006 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.10-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.10-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:6.8.10-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -30,6 +31,8 @@ spec: restoreTask: name: elasticsearch-restore-6.8.0 version: 6.8.10 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-6.8.10" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -51,8 +54,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:6.8.10-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -66,6 +67,8 @@ spec: allowlist: - < 7.5.0 version: 6.8.10 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-6.8.10-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.16-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.16-elasticstack.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.16-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.16-elasticstack.yaml index f629e88..3403e31 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.16-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.16-elasticstack.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:6.8.16-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -36,6 +34,8 @@ spec: allowlist: - < 7.5.0 version: 6.8.16 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-6.8.16" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.22-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.22-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.22-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.22-elasticstack.yaml index a832d4c..694eab8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.22-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-6.8.22-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:6.8.22-xpack-v2021.12.24' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,6 +44,8 @@ spec: allowlist: - < 7.5.0 version: 6.8.22 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-6.8.22" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-elasticstack.yaml index 42486ac..303990e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.0.1-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -30,6 +31,8 @@ spec: restoreTask: name: elasticsearch-restore-7.2.0 version: 7.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.0.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -51,8 +54,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.0.1-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -72,6 +73,8 @@ spec: allowlist: - < 7.5.0 version: 7.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.0.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-opendistro.yaml index a5b7779..0875da6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.0.2-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.5.0 version: 7.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.0.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.0.2-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.5.0 version: 7.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.0.2-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-searchguard.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-searchguard.yaml index 9830da0..2f9b4db 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.0.1-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.0.1-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.5.0 version: 7.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.0.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -63,8 +63,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.0.1-searchguard-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -81,6 +82,8 @@ spec: allowlist: - < 7.5.0 version: 7.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.0.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-elasticstack.yaml index 3456665..75d8e79 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.1.1-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.6.0 version: 7.1.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.1.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -54,8 +57,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.1.1-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -75,6 +76,8 @@ spec: allowlist: - < 7.6.0 version: 7.1.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.1.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-opendistro.yaml index fcd22e8..fde9976 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.1.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.6.0 version: 7.1.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.1.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.1.0-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.6.0 version: 7.1.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.1.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-searchguard.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-searchguard.yaml index 0539cae..828a9a9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.1.1-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.1.1-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.6.0 version: 7.1.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.1.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -63,8 +63,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.1.1-searchguard-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -78,6 +79,8 @@ spec: allowlist: - < 7.6.0 version: 7.1.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.1.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.0-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.0-opendistro.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.0-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.0-opendistro.yaml index d35cb42..e6950ca 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.0-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.0-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.12.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.15.0 version: 7.10.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.12.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-opendistro.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-opendistro.yaml index caaf5f8..44bd98b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.13.2-opendistro-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.15.0 version: 7.10.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.13.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-searchguard.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-searchguard.yaml index cf4a8e9..35443d2 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.10.2-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.10.2-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.15.0 version: 7.10.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.10.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-elasticstack.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-elasticstack.yaml index b08e979..417b0dc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.12.0-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -40,6 +38,8 @@ spec: allowlist: - < 7.15.0 version: 7.12.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.12.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -61,8 +61,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.12.0-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -82,6 +80,8 @@ spec: allowlist: - < 7.15.0 version: 7.12.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.12.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-kubedb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-kubedb.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-kubedb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-kubedb.yaml index 96fe04d..f13dfd7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-kubedb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.12.0-kubedb.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch") $) }}:7.12.0-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.15.0 version: 7.12.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "kubedb-xpack-7.12.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-elasticstack.yaml index 0d99c01..e8fb8d2 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.13.2-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,6 +44,8 @@ spec: allowlist: - < 7.15.0 version: 7.13.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.13.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-kubedb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-kubedb.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-kubedb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-kubedb.yaml index 2b1177b..83c1f05 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-kubedb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.13.2-kubedb.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch") $) }}:7.13.2-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.15.0 version: 7.13.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "kubedb-xpack-7.13.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-elasticstack.yaml index d522bc8..b0a7434 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.14.0-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,6 +44,8 @@ spec: allowlist: - < 7.18.0 version: 7.14.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.14.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-kubedb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-kubedb.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-kubedb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-kubedb.yaml index f98d376..ab81595 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-kubedb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.0-kubedb.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch") $) }}:7.14.0-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.18.0 version: 7.14.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "kubedb-xpack-7.14.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.2-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.2-searchguard.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.2-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.2-searchguard.yaml index d1a754c..d11eb22 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.2-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.14.2-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.14.2-searchguard-v2021.11.10' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.18.0 version: 7.14.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.14.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-elasticstack.yaml index 0f40789..ab4cce7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.16.2-xpack-v2021.12.24' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,6 +44,8 @@ spec: allowlist: - < 7.18.0 version: 7.16.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.16.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-kubedb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-kubedb.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-kubedb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-kubedb.yaml index e3e3572..a877fc8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-kubedb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.16.2-kubedb.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch") $) }}:7.16.2-xpack-v2021.12.24' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.18.0 version: 7.16.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "kubedb-xpack-7.16.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.10-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.10-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.10-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.10-elasticstack.yaml index 72dc288..a5c7eb4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.10-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.10-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.17.10-xpack-v2023.11.27' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -43,6 +41,8 @@ spec: - name: args value: --match=^(?![.])(?!kubedb-system).+ version: 7.17.10 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.17.10" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.3-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.3-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.3-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.3-elasticstack.yaml index af2a6ba..2ebb760 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.3-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.17.3-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.17.3-xpack-v2022.05.24' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -43,6 +41,8 @@ spec: - name: args value: --match=^(?![.])(?!kubedb-system).+ version: 7.17.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.17.3" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.0-elasticstack.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.0-elasticstack.yaml index be51dd7..c91e945 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.0-elasticstack.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 7.2.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 7.2.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.2.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-elasticstack.yaml index 993460d..d8ae560 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.2.1-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.6.0 version: 7.2.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.2.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -54,8 +57,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.2.1-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -75,6 +76,8 @@ spec: allowlist: - < 7.6.0 version: 7.2.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.2.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-opendistro.yaml index aa0671f..5387e6b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.2.1-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.2.1-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.6.0 version: 7.2.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.2.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.2.1-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.6.0 version: 7.2.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.2.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-elasticstack.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-elasticstack.yaml index 9c3fd6f..2d3b52c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-elasticstack.yaml @@ -21,9 +21,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 7.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.3" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -45,9 +48,12 @@ spec: initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/yq") $) }}:2.4.0' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 version: 7.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.3.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -69,8 +75,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.3.2-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -78,6 +85,8 @@ spec: restoreTask: name: elasticsearch-restore-7.3.2 version: 7.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.3.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -99,8 +108,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.3.2-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -120,6 +127,8 @@ spec: allowlist: - < 7.6.0 version: 7.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.3.2-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-opendistro.yaml index d09c932..412d006 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.3.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.6.0 version: 7.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.3.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.3.0-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.6.0 version: 7.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.3.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-searchguard.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-searchguard.yaml index 97257f4..e7746d8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.3.2-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.3.2-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.6.0 version: 7.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.3.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-elasticstack.yaml index 1774a49..3351fe5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.4.2-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.6.0 version: 7.4.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.4.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -54,8 +57,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.4.2-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -75,6 +76,8 @@ spec: allowlist: - < 7.6.0 version: 7.4.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.4.2-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-opendistro.yaml index d092699..dc833ba 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.4.2-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.4.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.6.0 version: 7.4.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.4.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.4.0-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.6.0 version: 7.4.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.4.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-elasticstack.yaml index 8847c03..cea36c0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.5.2-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.10.0 version: 7.5.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.5.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -54,8 +57,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.5.2-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -75,6 +76,8 @@ spec: allowlist: - < 7.10.0 version: 7.5.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.5.2-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-searchguard.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-searchguard.yaml index be80445..95c31b5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.5.2-searchguard.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.5.2-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -36,6 +37,8 @@ spec: allowlist: - < 7.10.0 version: 7.5.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.5.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -57,8 +60,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.5.2-searchguard-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -78,6 +79,8 @@ spec: allowlist: - < 7.10.0 version: 7.5.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.5.2-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.1-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.1-opendistro.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.1-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.1-opendistro.yaml index 6aaeab2..8ce4840 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.1-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.1-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.6.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.10.0 version: 7.6.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.6.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.6.0-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.10.0 version: 7.6.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.6.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -96,8 +99,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.7.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -111,6 +115,8 @@ spec: allowlist: - < 7.10.0 version: 7.6.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.7.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -132,8 +138,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.7.0-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -147,6 +154,8 @@ spec: allowlist: - < 7.10.0 version: 7.6.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.7.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.2-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.2-elasticstack.yaml index f636339..eb4a2de 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.6.2-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.6.2-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.10.0 version: 7.6.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.6.2" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -54,8 +57,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.6.2-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -75,6 +76,8 @@ spec: allowlist: - < 7.10.0 version: 7.6.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.6.2-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.0-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.0-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.0-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.0-opendistro.yaml index e3a0412..bf5c066 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.0-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.0-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.8.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.10.0 version: 7.7.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.8.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.8.0-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.10.0 version: 7.7.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.8.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.1-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.1-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.1-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.1-elasticstack.yaml index e98e3fd..a9a8a46 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.1-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.7.1-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.7.1-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.10.0 version: 7.7.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.7.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -54,8 +57,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.7.1-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -75,6 +76,8 @@ spec: allowlist: - < 7.10.0 version: 7.7.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.7.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-elasticstack.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-elasticstack.yaml index 94011b7..aa13c6c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.8.0-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.10.0 version: 7.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.8.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -54,8 +57,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.8.0-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -75,6 +76,8 @@ spec: allowlist: - < 7.10.0 version: 7.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.8.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-opendistro.yaml index 57e0a33..0a4e921 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.0-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.9.0-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.10.0 version: 7.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.9.0" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.9.0-opendistro-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.10.0 version: 7.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.9.0-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.1-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.1-searchguard.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.1-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.1-searchguard.yaml index 01a5141..238602c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.1-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.8.1-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.8.1-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.10.0 version: 7.8.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "searchguard-7.8.1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-elasticstack.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-elasticstack.yaml index 19b1c98..ce2429e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-elasticstack.yaml @@ -21,8 +21,9 @@ spec: initContainer: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "busybox") $) }}:1.32.0' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.9.1-xpack' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -33,6 +34,8 @@ spec: allowlist: - < 7.15.0 version: 7.9.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.9.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -58,8 +61,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.9.1-xpack-v1' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -73,6 +74,8 @@ spec: allowlist: - < 7.15.0 version: 7.9.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.9.1-v1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -94,8 +97,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.9.1-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -112,6 +113,8 @@ spec: - name: args value: --match=^(?![.])(?!kubedb-system).+ version: 7.9.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-7.9.1-v2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-kubedb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-kubedb.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-kubedb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-kubedb.yaml index 848acf2..e1c4014 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-kubedb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-kubedb.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch") $) }}:7.9.1-xpack-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,6 +40,8 @@ spec: allowlist: - < 7.15.0 version: 7.9.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "kubedb-xpack-7.9.1" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-opendistro.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-opendistro.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-opendistro.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-opendistro.yaml index cd8e49c..b71be44 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-opendistro.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-7.9.1-opendistro.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.10.1-opendistro' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: allowlist: - < 7.18.0 version: 7.9.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.10.1" .Values.enableVersions.Elasticsearch) }} {{ end }} @@ -60,8 +60,9 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.11.0-opendistro-v2021.08.23' - podSecurityPolicies: - databasePolicyName: elasticsearch-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 stash: addon: backupTask: @@ -75,6 +76,8 @@ spec: allowlist: - < 7.15.0 version: 7.9.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "opendistro-1.11.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-elasticstack.yaml index cbe2910..d703b40 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.2.0-xpack-v2023.11.27' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -43,6 +41,8 @@ spec: - name: args value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ version: 8.2.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-8.2.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-kubedb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-kubedb.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-kubedb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-kubedb.yaml index a7130db..29134ee 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-kubedb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.2.0-kubedb.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch") $) }}:8.2.0-xpack-v2022.05.24' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -39,6 +37,8 @@ spec: - name: args value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ version: 8.2.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "kubedb-xpack-8.2.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.5.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.5.2-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.5.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.5.2-elasticstack.yaml index 458a7ed..82f999f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.5.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.5.2-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.5.2-xpack-v2023.11.27' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -43,6 +41,8 @@ spec: - name: args value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ version: 8.5.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-8.5.2" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.8.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.8.0-elasticstack.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.8.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.8.0-elasticstack.yaml index 3bb4642..b83249d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.8.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/deprecated-elasticsearch-8.8.0-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.8.0-xpack-v2023.11.27' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -43,6 +41,8 @@ spec: - name: args value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ version: 8.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "xpack-8.8.0" .Values.enableVersions.Elasticsearch) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.1.0-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.1.0-opensearch.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.1.0-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.1.0-opensearch.yaml index 8d33065..9535704 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.1.0-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.1.0-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.1.0-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 1.1.0, < 1.3.20' version: 1.1.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.2.4-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.2.4-opensearch.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.2.4-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.2.4-opensearch.yaml index a6c41cb..626f4f0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.2.4-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.2.4-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.2.4-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 1.2.4, < 1.3.20' version: 1.2.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.13-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.13-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.13-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.13-opensearch.yaml index 8942151..a6f5452 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.13-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.13-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.3.13-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 1.3.13, < 2.18.1' + - '>= 1.3.13, < 2.19.1' version: 1.3.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.18-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.18-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.18-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.18-opensearch.yaml index cb9e2a7..ad96f10 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.18-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.18-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.3.18-opensearch-v2024.08.29' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 1.3.18, < 2.18.1' + - '>= 1.3.18, < 2.19.1' version: 1.3.18 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.19-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.19-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.19-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.19-opensearch.yaml index 2d6fb5e..b5f8672 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.19-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-1.3.19-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:1.3.19-opensearch-v2024.12.18' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 1.3.19, < 2.18.1' + - '>= 1.3.19, < 2.19.1' version: 1.3.19 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.0.1-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.0.1-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.0.1-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.0.1-opensearch.yaml index d707e9f..ba6c33f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.0.1-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.0.1-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.0.1-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 2.0.1, < 2.18.1' + - '>= 2.0.1, < 2.19.1' version: 2.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.11.1-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.11.1-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.11.1-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.11.1-opensearch.yaml index 400d904..c317d52 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.11.1-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.11.1-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.11.1-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 2.11.1, < 2.18.1' + - '>= 2.11.1, < 2.19.1' version: 2.11.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.14.0-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.14.0-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.14.0-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.14.0-opensearch.yaml index 4b72892..a740153 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.14.0-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.14.0-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.14.0-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 2.14.0, < 2.18.1' + - '>= 2.14.0, < 2.19.1' version: 2.14.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.16.0-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.16.0-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.16.0-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.16.0-opensearch.yaml index 2531fc2..3a471be 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.16.0-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.16.0-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.16.0-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 2.16.0, < 2.18.1' + - '>= 2.16.0, < 2.19.1' version: 2.16.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.17.1-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.17.1-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.17.1-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.17.1-opensearch.yaml index 5f67bbe..56d3441 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.17.1-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.17.1-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.17.1-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 2.17.1, < 2.18.1' + - '>= 2.17.1, < 2.19.1' version: 2.17.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.18.0-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.18.0-opensearch.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.18.0-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.18.0-opensearch.yaml index e3f1b2d..9e42d28 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.18.0-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.18.0-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.18.0-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 2.18.0, < 3.0.0' version: 2.18.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.19.0-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.19.0-opensearch.yaml new file mode 100644 index 0000000..f0395e2 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.19.0-opensearch.yaml @@ -0,0 +1,49 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Elasticsearch }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: ElasticsearchVersion +metadata: + name: 'opensearch-2.19.0' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + authPlugin: OpenSearch + dashboard: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/opensearch-dashboards") $) }}:2.19.0' + dashboardInitContainer: + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-dashboard-init") $) }}:2.19.0-opensearch-v2025.02.20' + db: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/opensearch") $) }}:2.19.0' + distribution: OpenSearch + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/elasticsearch-exporter") $) }}:v1.7.0' + initContainer: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.19.0-opensearch-v2025.02.20' + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 + stash: + addon: + backupTask: + name: elasticsearch-backup-7.14.0 + params: + - name: args + value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ + restoreTask: + name: elasticsearch-restore-7.14.0 + params: + - name: args + value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ + updateConstraints: + allowlist: + - '>= 2.19.0, < 3.0.0' + version: 2.19.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.5.0-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.5.0-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.5.0-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.5.0-opensearch.yaml index 13cc000..9d7d752 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.5.0-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.5.0-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.5.0-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 2.5.0, < 2.18.1' + - '>= 2.5.0, < 2.19.1' version: 2.5.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.8.0-opensearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.8.0-opensearch.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.8.0-opensearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.8.0-opensearch.yaml index 7299796..a57b380 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.8.0-opensearch.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-2.8.0-opensearch.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:2.8.0-opensearch-v2024.12.14' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -44,6 +42,8 @@ spec: value: --match=^(?![.])(?!security-auditlog)(?!kubedb-system).+ updateConstraints: allowlist: - - '>= 2.8.0, < 2.18.1' + - '>= 2.8.0, < 2.19.1' version: 2.8.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-6.8.23-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-6.8.23-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-6.8.23-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-6.8.23-elasticstack.yaml index 7ba409a..484b6fa 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-6.8.23-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-6.8.23-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:6.8.23-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 6.8.23, < 7.19.10' version: 6.8.23 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.13.4-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.13.4-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.13.4-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.13.4-elasticstack.yaml index d844cd9..e596ee5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.13.4-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.13.4-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.13.4-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 7.13.4, < 7.18.0' version: 7.13.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.14.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.14.2-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.14.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.14.2-elasticstack.yaml index 6999b56..bdc541b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.14.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.14.2-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.14.2-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 7.14.2, < 7.18.0' version: 7.14.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.16.3-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.16.3-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.16.3-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.16.3-elasticstack.yaml index c1c5f37..cb6351d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.16.3-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.16.3-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.16.3-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 7.16.3, < 7.18.0' version: 7.16.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.15-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.15-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.15-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.15-elasticstack.yaml index bdc80ab..f4a7bd0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.15-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.15-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.17.15-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 7.17.15, < 9.0.0' version: 7.17.15 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.23-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.23-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.23-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.23-elasticstack.yaml index d6f948e..36a474d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.23-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.23-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.17.23-xpack-v2024.08.29' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 7.17.23, < 9.0.0' version: 7.17.23 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.25-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.25-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.25-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.25-elasticstack.yaml index 61fe6bc..6ab0843 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.25-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.25-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.17.25-xpack-v2024.12.18' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 7.17.25, < 9.0.0' version: 7.17.25 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.27-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.27-elasticstack.yaml new file mode 100644 index 0000000..294e37a --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.17.27-elasticstack.yaml @@ -0,0 +1,49 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Elasticsearch }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: ElasticsearchVersion +metadata: + name: 'xpack-7.17.27' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + authPlugin: X-Pack + dashboard: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kibana") $) }}:7.17.27' + dashboardInitContainer: + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-dashboard-init") $) }}:7.17.27-xpack-v2025.02.28' + db: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/elastic") $) }}:7.17.27' + distribution: ElasticStack + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/elasticsearch-exporter") $) }}:v1.7.0' + initContainer: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.17.27-xpack-v2025.02.28' + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 + stash: + addon: + backupTask: + name: elasticsearch-backup-8.2.0 + params: + - name: args + value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ + restoreTask: + name: elasticsearch-restore-8.2.0 + params: + - name: args + value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ + updateConstraints: + allowlist: + - '>= 7.17.27, < 9.0.0' + version: 7.17.27 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.9.3-searchguard.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.9.3-searchguard.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.9.3-searchguard.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.9.3-searchguard.yaml index b04db91..2e9b15b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.9.3-searchguard.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-7.9.3-searchguard.yaml @@ -21,8 +21,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:7.9.3-searchguard' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -42,4 +40,6 @@ spec: allowlist: - '>= 7.9.3, < 7.18.0' version: 7.9.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.1-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.1-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.1-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.1-elasticstack.yaml index f012af8..6c381e6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.1-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.1-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.11.1-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.11.1, < 9.0.0' version: 8.11.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.4-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.4-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.4-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.4-elasticstack.yaml index 654a3f7..161f525 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.4-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.11.4-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.11.4-xpack-v2024.08.29' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.11.4, < 9.0.0' version: 8.11.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.13.4-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.13.4-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.13.4-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.13.4-elasticstack.yaml index eb40946..6fefe6e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.13.4-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.13.4-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.13.4-xpack-v2024.05.29' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.13.4, < 9.0.0' version: 8.13.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.1-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.1-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.1-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.1-elasticstack.yaml index a872d68..0ccf647 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.1-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.1-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.14.1-xpack-v2024.06.26' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.14.1, < 9.0.0' version: 8.14.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.3-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.3-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.3-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.3-elasticstack.yaml index 980ac7f..8961246 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.3-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.14.3-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.14.3-xpack-v2024.08.29' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.14.3, < 9.0.0' version: 8.14.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.0-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.0-elasticstack.yaml index 48b93a2..46b3ac3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.0-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.15.0-xpack-v2024.08.21' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.15.0, < 9.0.0' version: 8.15.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.4-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.4-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.4-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.4-elasticstack.yaml index bf92750..735deb3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.4-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.15.4-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.15.4-xpack-v2024.12.18' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.15.4, < 9.0.0' version: 8.15.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.0-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.0-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.0-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.0-elasticstack.yaml index ad3731e..0a849b7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.0-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.0-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.16.0-xpack-v2024.11.22' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.16.0, < 9.0.0' version: 8.16.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.4-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.4-elasticstack.yaml new file mode 100644 index 0000000..a344492 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.16.4-elasticstack.yaml @@ -0,0 +1,49 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Elasticsearch }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: ElasticsearchVersion +metadata: + name: 'xpack-8.16.4' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + authPlugin: X-Pack + dashboard: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kibana") $) }}:8.16.4' + dashboardInitContainer: + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-dashboard-init") $) }}:8.16.4-xpack-v2025.02.28' + db: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/elastic") $) }}:8.16.4' + distribution: ElasticStack + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/elasticsearch-exporter") $) }}:v1.7.0' + initContainer: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.16.4-xpack-v2025.02.28' + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 + stash: + addon: + backupTask: + name: elasticsearch-backup-8.2.0 + params: + - name: args + value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ + restoreTask: + name: elasticsearch-restore-8.2.0 + params: + - name: args + value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ + updateConstraints: + allowlist: + - '>= 8.16.4, < 9.0.0' + version: 8.16.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.17.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.17.2-elasticstack.yaml new file mode 100644 index 0000000..8041f87 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.17.2-elasticstack.yaml @@ -0,0 +1,49 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Elasticsearch }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: ElasticsearchVersion +metadata: + name: 'xpack-8.17.2' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + authPlugin: X-Pack + dashboard: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kibana") $) }}:8.17.2' + dashboardInitContainer: + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-dashboard-init") $) }}:8.17.2-xpack-v2025.02.25' + db: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/elastic") $) }}:8.17.2' + distribution: ElasticStack + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/elasticsearch-exporter") $) }}:v1.7.0' + initContainer: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' + yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.17.2-xpack-v2025.02.25' + securityContext: + runAsAnyNonRoot: true + runAsUser: 1000 + stash: + addon: + backupTask: + name: elasticsearch-backup-8.2.0 + params: + - name: args + value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ + restoreTask: + name: elasticsearch-restore-8.2.0 + params: + - name: args + value: --match=^(?![.])(?!apm-agent-configuration)(?!kubedb-system).+ + updateConstraints: + allowlist: + - '>= 8.17.2, < 9.0.0' + version: 8.17.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.2.3-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.2.3-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.2.3-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.2.3-elasticstack.yaml index d93f49e..3708714 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.2.3-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.2.3-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.2.3-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.2.3, < 9.0.0' version: 8.2.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.5.3-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.5.3-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.5.3-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.5.3-elasticstack.yaml index 68636d2..b5ad4a7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.5.3-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.5.3-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.5.3-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.5.3, < 9.0.0' version: 8.5.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.6.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.6.2-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.6.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.6.2-elasticstack.yaml index 8f11c7c..b7f3159 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.6.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.6.2-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.6.2-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.6.2, < 9.0.0' version: 8.6.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.8.2-elasticstack.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.8.2-elasticstack.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.8.2-elasticstack.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.8.2-elasticstack.yaml index 5e80fdb..d0ef95b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.8.2-elasticstack.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-8.8.2-elasticstack.yaml @@ -25,8 +25,6 @@ spec: initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' yqImage: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-init") $) }}:8.8.2-xpack-v2023.12.07' - podSecurityPolicies: - databasePolicyName: elasticsearch-db securityContext: runAsAnyNonRoot: true runAsUser: 1000 @@ -46,4 +44,6 @@ spec: allowlist: - '>= 8.8.2, < 9.0.0' version: 8.8.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "elasticsearch-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/elasticsearch/elasticsearch-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.18.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.18.0.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.18.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.18.0.yaml index e37711c..39cddce 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.18.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.18.0.yaml @@ -14,6 +14,8 @@ metadata: spec: db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/ferretdb") $) }}:1.18.0' + postgres: + version: 17.4-bookworm securityContext: runAsUser: 1000 version: 1.18.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.23.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.23.0.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.23.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.23.0.yaml index 5ed4fce..5041b39 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.23.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.23.0.yaml @@ -14,6 +14,8 @@ metadata: spec: db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/ferretdb") $) }}:1.23.0' + postgres: + version: 17.4-bookworm securityContext: runAsUser: 1000 version: 1.23.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.24.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.24.0.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.24.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.24.0.yaml index 63f5ac3..b9b05c8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.24.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-1.24.0.yaml @@ -14,6 +14,8 @@ metadata: spec: db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/ferretdb") $) }}:1.24.0' + postgres: + version: 17.4-bookworm securityContext: runAsUser: 1000 version: 1.24.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-2.0.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-2.0.0.yaml new file mode 100644 index 0000000..46d2e5c --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/ferretdb/ferretdb-2.0.0.yaml @@ -0,0 +1,22 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.FerretDB }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: FerretDBVersion +metadata: + name: '2.0.0' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + db: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/ferretdb") $) }}:2.0.0' + postgres: + version: 17.4-documentdb + securityContext: + runAsUser: 1000 + version: 2.0.0 +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.0.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.0.yaml index b3296ba..1e2d8a6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.0.yaml @@ -18,14 +18,14 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/cruise-control") $) }}:3.3.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/kafka-kraft") $) }}:3.3.0' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: - name: kafka-ui version: v2024.4.27 version: 3.3.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.3.0" .Values.enableVersions.Kafka) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.2.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.2.yaml index a86d7d1..9c3d6d0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.3.2.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.3.2' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.3.2' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,6 +29,8 @@ spec: denylist: - < 3.3.2 version: 3.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.3.2" .Values.enableVersions.Kafka) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.0.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.0.yaml index 7d34e2f..3d11ef9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.0.yaml @@ -18,14 +18,14 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/cruise-control") $) }}:3.4.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/kafka-kraft") $) }}:3.4.0' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: - name: kafka-ui version: v2024.4.27 version: 3.4.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4.0" .Values.enableVersions.Kafka) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.1.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.1.yaml index 7fb4e36..9ea5fd3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.1.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.4.1.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.4.1' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.4.1' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,6 +29,8 @@ spec: denylist: - < 3.4.1 version: 3.4.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4.1" .Values.enableVersions.Kafka) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.5.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.5.1.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.5.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.5.1.yaml index 4360885..c890a74 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.5.1.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.5.1.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.5.1' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.5.1' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,6 +29,8 @@ spec: denylist: - < 3.5.1 version: 3.5.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.5.1" .Values.enableVersions.Kafka) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.6.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.6.0.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.6.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.6.0.yaml index 9311d34..a2dc289 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.6.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/deprecated-kafka-3.6.0.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.6.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.6.0' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,6 +29,8 @@ spec: denylist: - < 3.6.0 version: 3.6.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6.0" .Values.enableVersions.Kafka) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.5.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.5.2.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.5.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.5.2.yaml index 362ee80..262f559 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.5.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.5.2.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.5.2' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.5.2' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,4 +29,6 @@ spec: denylist: - < 3.5.2 version: 3.5.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.6.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.6.1.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.6.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.6.1.yaml index b55245d..19800a1 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.6.1.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.6.1.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.6.1' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.6.1' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,4 +29,6 @@ spec: denylist: - < 3.6.1 version: 3.6.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.7.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.7.2.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.7.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.7.2.yaml index 122fdc9..059a341 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.7.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.7.2.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.7.2' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.7.2' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,4 +29,6 @@ spec: denylist: - < 3.7.2 version: 3.7.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.8.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.8.1.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.8.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.8.1.yaml index 659597b..0efcd0b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.8.1.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.8.1.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.8.1' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.8.1' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,4 +29,6 @@ spec: denylist: - < 3.8.1 version: 3.8.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.9.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.9.0.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.9.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.9.0.yaml index 44438cf..2c38535 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.9.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-3.9.0.yaml @@ -18,8 +18,6 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-cruise-control") $) }}:3.9.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/kafka-kraft") $) }}:3.9.0' - podSecurityPolicies: - databasePolicyName: kafka-db securityContext: runAsUser: 1001 ui: @@ -31,4 +29,6 @@ spec: denylist: - < 3.9.0 version: 3.9.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "kafka-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafka/kafka-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafka/kafka-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-1.11.0-mongodb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-1.11.0-mongodb.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-1.11.0-mongodb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-1.11.0-mongodb.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-mysql.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-mysql.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-mysql.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-mysql.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-postgres.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-postgres.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-postgres.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/deprecated-kafkaconnector-2.4.2-postgres.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-0.13.0-gcs.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-0.13.0-gcs.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-0.13.0-gcs.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-0.13.0-gcs.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.13.1-mongodb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.13.1-mongodb.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.13.1-mongodb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.13.1-mongodb.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.14.1-mongodb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.14.1-mongodb.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.14.1-mongodb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-1.14.1-mongodb.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.15.0-s3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.15.0-s3.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.15.0-s3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.15.0-s3.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.6.1-jdbc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.6.1-jdbc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.6.1-jdbc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.6.1-jdbc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-jdbc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-jdbc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-jdbc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-jdbc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-mysql.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-mysql.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-mysql.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-mysql.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-postgres.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-postgres.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-postgres.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-2.7.4-postgres.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-jdbc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-jdbc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-jdbc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-jdbc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-mysql.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-mysql.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-mysql.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-mysql.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-postgres.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-postgres.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-postgres.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/kafkaconnector/kafkaconnector-3.0.5-postgres.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.10.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.10.2.yaml similarity index 75% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.10.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.10.2.yaml index 36936e8..64c3bcc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.10.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.10.2.yaml @@ -13,15 +13,17 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.10.2-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -31,6 +33,8 @@ spec: restoreTask: name: mariadb-restore-10.5.8 version: 10.10.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.10.2" .Values.enableVersions.MariaDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.11.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.11.2.yaml similarity index 75% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.11.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.11.2.yaml index 2f5b632..461095d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.11.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.11.2.yaml @@ -13,15 +13,17 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.11.2-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -31,6 +33,8 @@ spec: restoreTask: name: mariadb-restore-10.5.8 version: 10.11.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.11.2" .Values.enableVersions.MariaDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.17.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.17.yaml similarity index 72% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.17.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.17.yaml index d3d83d5..b0fa7e2 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.17.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.17.yaml @@ -13,15 +13,19 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "mariadb") $) }}:10.4.17' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -29,6 +33,8 @@ spec: restoreTask: name: mariadb-restore-10.5.8 version: 10.4.17 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.4.17" .Values.enableVersions.MariaDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.31.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.31.yaml similarity index 75% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.31.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.31.yaml index 74b938c..1aa482e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.31.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.4.31.yaml @@ -13,15 +13,17 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.4.31-focal' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -31,6 +33,8 @@ spec: restoreTask: name: mariadb-restore-10.5.8 version: 10.4.31 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.4.31" .Values.enableVersions.MariaDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.5.8.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.5.8.yaml similarity index 72% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.5.8.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.5.8.yaml index caa00ab..8c4b802 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.5.8.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.5.8.yaml @@ -13,15 +13,19 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "mariadb") $) }}:10.5.8' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -29,6 +33,8 @@ spec: restoreTask: name: mariadb-restore-10.5.8 version: 10.5.8 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.5.8" .Values.enableVersions.MariaDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.6.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.6.4.yaml similarity index 75% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.6.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.6.4.yaml index 321a883..5222a30 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.6.4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/deprecated-mariadb-10.6.4.yaml @@ -13,15 +13,17 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.6.4-focal' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -31,6 +33,8 @@ spec: restoreTask: name: mariadb-restore-10.5.8 version: 10.6.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.6.4" .Values.enableVersions.MariaDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.10.7.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.10.7.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.10.7.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.10.7.yaml index f9ec119..e425bb5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.10.7.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.10.7.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_10.10.7-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_10.10.7-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.10.7-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 10.10.7, <= 11.6.2' version: 10.10.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.11.6.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.11.6.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.11.6.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.11.6.yaml index fc094ff..3d98de4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.11.6.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.11.6.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_10.11.6-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_10.11.6-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.11.6-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 10.11.6, <= 11.6.2' version: 10.11.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.4.32.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.4.32.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.4.32.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.4.32.yaml index 7938991..2220a4b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.4.32.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.4.32.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_10.4.32-focal' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_10.4.32-focal' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.4.32-focal' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 10.4.32, <= 11.6.2' version: 10.4.32 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.5.23.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.5.23.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.5.23.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.5.23.yaml index 2bd0f26..5c5fe30 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.5.23.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.5.23.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_10.5.23-focal' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_10.5.23-focal' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.5.23-focal' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 10.5.23, <= 11.6.2' version: 10.5.23 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.6.16.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.6.16.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.6.16.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.6.16.yaml index acf02b0..9312320 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.6.16.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-10.6.16.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_10.6.16-focal' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_10.6.16-focal' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:10.6.16-focal' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 10.6.16, <= 11.6.2' version: 10.6.16 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.0.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.0.4.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.0.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.0.4.yaml index ef309dd..4d366b5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.0.4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.0.4.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_11.0.4-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_11.0.4-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:11.0.4-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 11.0.4, <= 11.6.2' version: 11.0.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.1.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.1.3.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.1.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.1.3.yaml index 9b3653c..25e1e83 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.1.3.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.1.3.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_11.1.3-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_11.1.3-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:11.1.3-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 11.1.3, <= 11.6.2' version: 11.1.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.2.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.2.2.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.2.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.2.2.yaml index bdc2fa3..0e4a023 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.2.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.2.2.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_11.2.2-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_11.2.2-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:11.2.2-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 11.2.2, <= 11.6.2' version: 11.2.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.3.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.3.2.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.3.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.3.2.yaml index a99e28a..28c14a3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.3.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.3.2.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_11.2.2-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_11.2.2-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:11.3.2-jammy' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 11.3.2, <= 11.6.2' version: 11.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.4.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.4.3.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.4.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.4.3.yaml index 6655d18..54a5660 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.4.3.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.4.3.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_11.2.2-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_11.2.2-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:11.4.3-noble' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 11.4.3, <= 11.6.2' version: 11.4.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.5.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.5.2.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.5.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.5.2.yaml index f54f415..fcf040f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.5.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.5.2.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_11.2.2-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_11.2.2-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:11.5.2-noble' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 11.5.2, <= 11.6.2' version: 11.5.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.6.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.6.2.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.6.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.6.2.yaml index 24d82d4..d4311d2 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.6.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-11.6.2.yaml @@ -27,17 +27,19 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.12.0_11.2.2-jammy' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-archiver") $) }}:v0.13.0_11.2.2-jammy' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.32.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-coordinator") $) }}:v0.33.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mariadb") $) }}:11.6.2-noble' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.2' - podSecurityPolicies: - databasePolicyName: maria-db + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-init") $) }}:0.5.3' + maxscale: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "mariadb/maxscale") $) }}:24.02.4' + securityContext: + runAsUser: 997 securityContext: runAsUser: 999 stash: @@ -53,4 +55,6 @@ spec: allowlist: - '>= 11.6.2, <= 11.6.2' version: 11.6.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "maria-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mariadb/mariadb-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.4.yaml similarity index 80% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.4.yaml index 55799d9..3b99c8a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.4.yaml @@ -16,9 +16,11 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/memcached") $) }}:1.5.4' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' - podSecurityPolicies: - databasePolicyName: memcached-db + securityContext: + runAsUser: 999 version: 1.5.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "1.5.4" .Values.enableVersions.Memcached) }} {{ end }} @@ -35,11 +37,11 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/memcached") $) }}:1.5.4-v1' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/memcached-exporter") $) }}:v0.4.1' - podSecurityPolicies: - databasePolicyName: memcached-db securityContext: runAsUser: 999 version: 1.5.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "1.5.4-v1" .Values.enableVersions.Memcached) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.yaml index d4b30f5..7c583fe 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/deprecated-memcached-1.5.yaml @@ -16,9 +16,11 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/memcached") $) }}:1.5' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' - podSecurityPolicies: - databasePolicyName: memcached-db + securityContext: + runAsUser: 999 version: "1.5" + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "1.5" .Values.enableVersions.Memcached) }} {{ end }} @@ -35,9 +37,11 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/memcached") $) }}:1.5-v1' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/memcached-exporter") $) }}:v0.4.1' - podSecurityPolicies: - databasePolicyName: memcached-db + securityContext: + runAsUser: 999 version: "1.5" + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "1.5-v1" .Values.enableVersions.Memcached) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.5.22.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.5.22.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.5.22.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.5.22.yaml index 06f9468..088273b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.5.22.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.5.22.yaml @@ -16,12 +16,12 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/memcached") $) }}:1.5.22-alpine' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/memcached-exporter") $) }}:v0.14.2' - podSecurityPolicies: - databasePolicyName: memcached-db securityContext: runAsUser: 999 updateConstraints: allowlist: - '>=1.5.22, <= 1.6.33' version: 1.5.22 + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.22.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.22.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.22.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.22.yaml index 7158302..1460fcd 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.22.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.22.yaml @@ -16,12 +16,12 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/memcached") $) }}:1.6.22-alpine' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/memcached_exporter") $) }}:v0.14.3-ac' - podSecurityPolicies: - databasePolicyName: memcached-db securityContext: runAsUser: 999 updateConstraints: allowlist: - '>=1.6.22, <= 1.6.33' version: 1.6.22 + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.29.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.29.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.29.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.29.yaml index 507c1b8..4d68c3a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.29.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.29.yaml @@ -16,12 +16,12 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/memcached") $) }}:1.6.29-alpine' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/memcached_exporter") $) }}:v0.14.3-ac' - podSecurityPolicies: - databasePolicyName: memcached-db securityContext: runAsUser: 999 updateConstraints: allowlist: - '>=1.6.29, <= 1.6.33' version: 1.6.29 + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.33.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.33.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.33.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.33.yaml index 45c9948..ae8ded4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.33.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-1.6.33.yaml @@ -16,12 +16,12 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/memcached") $) }}:1.6.33-alpine' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/memcached_exporter") $) }}:v0.14.3-ac' - podSecurityPolicies: - databasePolicyName: memcached-db securityContext: runAsUser: 999 updateConstraints: allowlist: - 1.6.33 version: 1.6.33 + podSecurityPolicies: + databasePolicyName: {{ ternary "memcached-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/memcached/memcached-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/memcached/memcached-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4-official.yaml similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4-official.yaml index a710bd3..4a5695f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4-v1" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4-v2" .Values.enableVersions.MongoDB) }} {{ end }} @@ -99,11 +108,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4-v3" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.17-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.17-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.17-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.17-official.yaml index 2099385..3c2db19 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.17-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.17-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 0 + runAsUser: 1001 version: 3.4.17 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4.17" .Values.enableVersions.MongoDB) }} {{ end }} @@ -63,10 +66,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -80,6 +81,8 @@ spec: allowlist: - '>= 3.6.0, < 3.7.0' version: 3.4.17 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4.17-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.22-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.22-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.22-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.22-official.yaml index 191af52..02cebd8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.22-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.4.22-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 3.4.22 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4-v4" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:0.1.0' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 3.4.22 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4-v5" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 3.4.22 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4.22" .Values.enableVersions.MongoDB) }} {{ end }} @@ -115,10 +124,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -132,6 +139,8 @@ spec: allowlist: - '>= 3.6.0, < 3.7.0' version: 3.4.22 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.4.22-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6-official.yaml similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6-official.yaml index fc4334b..9b18558 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6-v1" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6-v2" .Values.enableVersions.MongoDB) }} {{ end }} @@ -99,11 +108,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: "3.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6-v3" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.13-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.13-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.13-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.13-official.yaml index d9b80b9..cae1ddd 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.13-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.13-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 3.6.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6-v4" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:0.1.0' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 3.6.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6-v5" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 3.6.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6.13" .Values.enableVersions.MongoDB) }} {{ end }} @@ -115,10 +124,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -132,6 +139,8 @@ spec: allowlist: - '>= 4.0.0, < 4.1.0' version: 3.6.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6.13-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.18-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.18-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.18-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.18-percona.yaml index 5d83652..f7f6149 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.18-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.18-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 1001 runAsUser: 0 @@ -54,6 +52,8 @@ spec: allowlist: - '>= 4.0.0, < 4.1.0' version: 3.6.18 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "percona-3.6.18" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.8-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.8-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.8-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.8-official.yaml index b2b8bca..b179125 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.8-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-3.6.8-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 3.6.8 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6.8" .Values.enableVersions.MongoDB) }} {{ end }} @@ -63,10 +66,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -80,6 +81,8 @@ spec: allowlist: - '>= 4.0.0, < 4.1.0' version: 3.6.8 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "3.6.8-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.10-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.10-percona.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.10-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.10-percona.yaml index 2dcaea4..beaf4b6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.10-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.10-percona.yaml @@ -21,10 +21,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 1001 runAsUser: 0 @@ -38,6 +36,8 @@ spec: allowlist: - '>= 4.1.0, < 4.3.0' version: 4.0.10 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "percona-4.0.10" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.11-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.11-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.11-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.11-official.yaml index 2445200..c3a9de4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.11-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.11-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.11 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0-v2" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:0.1.0' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.11 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0-v3" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.11 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.11" .Values.enableVersions.MongoDB) }} {{ end }} @@ -115,10 +124,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -132,6 +139,8 @@ spec: allowlist: - '>= 4.1.0, < 4.3.0' version: 4.0.11 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.11-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.3-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.3-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.3-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.3-official.yaml index 4ae5d67..b606daa 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.3-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.3-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.3" .Values.enableVersions.MongoDB) }} {{ end }} @@ -63,10 +66,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -80,6 +81,8 @@ spec: allowlist: - '>= 4.1.0, < 4.3.0' version: 4.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.3-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.5-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.5-official.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.5-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.5-official.yaml index 6e96739..8e3f5d7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.5-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.0.5-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0-v1" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.5" .Values.enableVersions.MongoDB) }} {{ end }} @@ -99,11 +108,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.5-v1" .Values.enableVersions.MongoDB) }} {{ end }} @@ -125,11 +137,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.5-v2" .Values.enableVersions.MongoDB) }} {{ end }} @@ -167,10 +182,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -184,6 +197,8 @@ spec: allowlist: - '>= 4.1.0, < 4.3.0' version: 4.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.5-v3" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.13-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.13-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.13-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.13-official.yaml index f0c656a..c32c368 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.13-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.13-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.1.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:0.3.0' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.1.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1-v1" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.1.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.13" .Values.enableVersions.MongoDB) }} {{ end }} @@ -115,10 +124,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -132,6 +139,8 @@ spec: allowlist: - '>= 4.2.0, < 4.3.0' version: 4.1.13 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.13-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.4-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.4-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.4-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.4-official.yaml index 42c00e3..3db139a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.4-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.4-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.1.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.4" .Values.enableVersions.MongoDB) }} {{ end }} @@ -63,10 +66,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.1.4-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -80,6 +81,8 @@ spec: allowlist: - '>= 4.2.0, < 4.3.0' version: 4.1.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.4-v1" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.7-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.7-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.7-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.7-official.yaml index 0929dd2..91b7c98 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.7-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.1.7-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.1.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.7" .Values.enableVersions.MongoDB) }} {{ end }} @@ -47,11 +50,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.1.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.7-v1" .Values.enableVersions.MongoDB) }} {{ end }} @@ -73,11 +79,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.1.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.7-v2" .Values.enableVersions.MongoDB) }} {{ end }} @@ -115,10 +124,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -132,6 +139,8 @@ spec: allowlist: - '>= 4.2.0, < 4.3.0' version: 4.1.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.1.7-v3" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.3-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.3-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.3-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.3-official.yaml index f9a1e5d..000d43b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.3-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.3-official.yaml @@ -21,11 +21,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:0.3.0' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsGroup: 999 + runAsUser: 999 version: 4.2.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.2" .Values.enableVersions.MongoDB) }} {{ end }} @@ -63,10 +66,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -80,6 +81,8 @@ spec: allowlist: - '>= 4.4.0, < 5.0.0' version: 4.2.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.2.3" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.7-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.7-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.7-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.7-percona.yaml index c32fe51..3ea50a6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.7-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.2.7-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 1001 runAsUser: 0 @@ -54,6 +52,8 @@ spec: allowlist: - '>= 4.4.0, < 5.0.0' version: 4.2.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "percona-4.2.7" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.10-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.10-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.10-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.10-percona.yaml index 14d9249..b8b2efc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.10-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.10-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 1001 runAsUser: 0 @@ -54,6 +52,8 @@ spec: allowlist: - '>= 5.0.0' version: 4.4.10 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "percona-4.4.10" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.6-official.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.6-official.yaml index 06ac4c6..87a89e3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-4.4.6-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -54,6 +52,8 @@ spec: allowlist: - '>= 5.0.0' version: 4.4.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.4.6" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.15-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.15-official.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.15-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.15-official.yaml index c08d1f3..4aa42d6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.15-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.15-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -51,6 +49,8 @@ spec: restoreTask: name: mongodb-restore-5.0.15 version: 5.0.15 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.0.15" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.2-official.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.2-official.yaml index 0318dfa..a2a652b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.2-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -51,6 +49,8 @@ spec: restoreTask: name: mongodb-restore-5.0.3 version: 5.0.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.0.2" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.3-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.3-official.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.3-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.3-official.yaml index 686bf7f..56cce6c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.3-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-5.0.3-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -51,6 +49,8 @@ spec: restoreTask: name: mongodb-restore-5.0.3 version: 5.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.0.3" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-6.0.5-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-6.0.5-official.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-6.0.5-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-6.0.5-official.yaml index 89bde34..c1a25f0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-6.0.5-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-6.0.5-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -51,6 +49,8 @@ spec: restoreTask: name: mongodb-restore-6.0.5 version: 6.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.0.5" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-8.0.3-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-8.0.3-official.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-8.0.3-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-8.0.3-official.yaml index 8c2c361..0f5732c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-8.0.3-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/deprecated-mongodb-8.0.3-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -51,6 +49,8 @@ spec: allowlist: - '>= 8.0.3, < 10.0.0' version: 8.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.3" .Values.enableVersions.MongoDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-official.yaml index e9b236f..096bf01 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 4.2.24, < 6.0.0' version: 4.2.24 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-percona.yaml index 8937d48..a0895d6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.2.24-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 0 runAsUser: 1001 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 4.2.24, < 6.0.0' version: 4.2.24 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-official.yaml index 750f2a9..b4b3505 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 4.4.26, < 6.0.0' version: 4.4.26 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-percona.yaml index 422b519..e51d7ba 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-4.4.26-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 0 runAsUser: 1001 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 4.4.26, < 6.0.0' version: 4.4.26 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-official.yaml index f45acc5..6b1ead0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 5.0.23, < 7.0.0' version: 5.0.23 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-percona.yaml index e29b51a..52fecf6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.23-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 0 runAsUser: 1001 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 5.0.23, < 7.0.0' version: 5.0.23 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.26-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.26-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.26-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.26-official.yaml index 35c7a3d..1e202be 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.26-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-5.0.26-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:4.2-v9' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 5.0.26, < 7.0.0' version: 5.0.26 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-official.yaml index 97e1e15..f30554e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 6.0.12, < 8.0.0' version: 6.0.12 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-percona.yaml index 4f2d23e..300ffa1 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-6.0.12-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 0 runAsUser: 1001 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 6.0.12, < 8.0.0' version: 6.0.12 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.16-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.16-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.16-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.16-official.yaml index 2a025c3..4a0596b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.16-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.16-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 7.0.16, < 9.0.0' version: 7.0.16 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.4-percona.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.4-percona.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.4-percona.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.4-percona.yaml index 9ed5d39..eb2755a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.4-percona.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.4-percona.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 0 runAsUser: 1001 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 7.0.4, < 9.0.0' version: 7.0.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.5-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.5-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.5-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.5-official.yaml index af4669d..75b6167 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.5-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.5-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 7.0.5, < 9.0.0' version: 7.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.8-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.8-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.8-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.8-official.yaml index e032782..04a8d1a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.8-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-7.0.8-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 7.0.8, < 9.0.0' version: 7.0.8 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-8.0.4-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-8.0.4-official.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-8.0.4-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-8.0.4-official.yaml index 9c543eb..4d6cb5b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-8.0.4-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-8.0.4-official.yaml @@ -37,10 +37,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-init") $) }}:6.0-v10' - podSecurityPolicies: - databasePolicyName: mongodb-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsGroup: 999 runAsUser: 999 @@ -51,4 +49,6 @@ spec: allowlist: - '>= 8.0.4, < 10.0.0' version: 8.0.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "mongodb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mongodb/mongodb-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mssqlserver/mssqlserver-2022.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mssqlserver/mssqlserver-2022.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mssqlserver/mssqlserver-2022.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mssqlserver/mssqlserver-2022.yaml index b5c44c1..c4bbb84 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mssqlserver/mssqlserver-2022.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mssqlserver/mssqlserver-2022.yaml @@ -25,9 +25,9 @@ spec: manifestRestore: name: manifest-restore walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssqlserver-archiver") $) }}:v0.6.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssqlserver-archiver") $) }}:v0.7.0' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssql-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssql-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.microsoft" (merge (dict "_repo" "mssql/server") $) }}:2022-CU12-ubuntu-22.04' exporter: @@ -60,9 +60,9 @@ spec: manifestRestore: name: manifest-restore walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssqlserver-archiver") $) }}:v0.6.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssqlserver-archiver") $) }}:v0.7.0' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssql-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssql-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.microsoft" (merge (dict "_repo" "mssql/server") $) }}:2022-CU14-ubuntu-22.04' exporter: @@ -95,9 +95,9 @@ spec: manifestRestore: name: manifest-restore walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssqlserver-archiver") $) }}:v0.6.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssqlserver-archiver") $) }}:v0.7.0' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssql-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mssql-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.microsoft" (merge (dict "_repo" "mssql/server") $) }}:2022-CU16-ubuntu-22.04' exporter: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5-official.yaml index 00e65dd..1300f74 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 5.7.35 version: "5" + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -64,6 +66,8 @@ spec: standalone: - < 5.7.35 version: "5" + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5-v1" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7-official.yaml index c4f5d6e..260262f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 5.7.35 version: "5.7" + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -64,6 +66,8 @@ spec: standalone: - < 5.7.35 version: "5.7" + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7-v1" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.25-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.25-official.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.25-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.25-official.yaml index a1585db..5f3d2b7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.25-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.25-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 5.7.25 version: 5.7.25 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7-v2" .Values.enableVersions.MySQL) }} {{ end }} @@ -51,10 +53,10 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysqld-exporter") $) }}:v0.11.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -62,6 +64,8 @@ spec: standalone: - < 5.7.25 version: 5.7.25 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7-v3" .Values.enableVersions.MySQL) }} {{ end }} @@ -81,10 +85,10 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysqld-exporter") $) }}:v0.11.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -92,6 +96,8 @@ spec: standalone: - < 5.7.25 version: 5.7.25 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.25" .Values.enableVersions.MySQL) }} {{ end }} @@ -111,10 +117,10 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysqld-exporter") $) }}:v0.11.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -122,6 +128,8 @@ spec: standalone: - < 5.7.25 version: 5.7.25 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.25-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -141,10 +149,10 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysqld-exporter") $) }}:v0.11.0' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -158,6 +166,8 @@ spec: standalone: - < 5.7.25 version: 5.7.25 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.25-v2" .Values.enableVersions.MySQL) }} {{ end }} @@ -177,10 +187,10 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -194,6 +204,8 @@ spec: standalone: - < 5.7.25 version: 5.7.25 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.25-v3" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.29-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.29-official.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.29-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.29-official.yaml index c1422b1..3f7cdc3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.29-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.29-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 5.7.29 version: 5.7.29 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7-v4" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -64,6 +66,8 @@ spec: standalone: - < 5.7.29 version: 5.7.29 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.29" .Values.enableVersions.MySQL) }} {{ end }} @@ -85,10 +89,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -102,6 +106,8 @@ spec: standalone: - < 5.7.29 version: 5.7.29 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.29-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -123,10 +129,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -140,6 +146,8 @@ spec: standalone: - < 5.7.29 version: 5.7.29 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.29-v2" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.31-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.31-official.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.31-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.31-official.yaml index c5883db..af9c34e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.31-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.31-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 5.7.31 version: 5.7.31 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.31" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -70,6 +72,8 @@ spec: standalone: - < 5.7.31 version: 5.7.31 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.31-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -91,10 +95,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -108,6 +112,8 @@ spec: standalone: - < 5.7.31 version: 5.7.31 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.31-v2" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.33-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.33-official.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.33-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.33-official.yaml index 9ea6bf2..1c729ad 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.33-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.33-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -38,6 +38,8 @@ spec: standalone: - < 5.7.33 version: 5.7.33 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.33" .Values.enableVersions.MySQL) }} {{ end }} @@ -59,10 +61,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -76,6 +78,8 @@ spec: standalone: - < 5.7.33 version: 5.7.33 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.33-v1" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.35-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.35-official.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.35-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.35-official.yaml index 245ffd3..b1bd506 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.35-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.35-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -38,6 +38,8 @@ spec: standalone: - < 5.7.35 version: 5.7.35 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.35" .Values.enableVersions.MySQL) }} {{ end }} @@ -51,7 +53,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "mysql") $) }}:5.7.35' distribution: Official @@ -61,10 +63,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -78,6 +80,8 @@ spec: standalone: - < 5.7.35 version: 5.7.35 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.35-v1" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.36-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.36-official.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.36-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.36-official.yaml index 733d1cf..187fe11 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.36-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.36-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "mysql") $) }}:5.7.36' distribution: Official @@ -23,10 +23,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -40,6 +40,8 @@ spec: standalone: - < 5.7.36 version: 5.7.36 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.36" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.41-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.41-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.41-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.41-official.yaml index 8cf1f39..3432b27 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.41-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-5.7.41-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:5.7.41-oracle' distribution: Official @@ -23,10 +23,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7-v4' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -42,6 +40,8 @@ spec: standalone: - < 5.7.41 version: 5.7.41 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7.41" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8-official.yaml index 2793097..c1c0727 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 8.0.17 version: "8" + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -64,6 +66,8 @@ spec: standalone: - < 8.0.17 version: "8" + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8-v1" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0-official.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0-official.yaml index d0dfc68..561aa61 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 8.0.17 version: "8.0" + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.14-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.14-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.14-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.14-official.yaml index 73674a1..ecba614 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.14-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.14-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 8.0.14 version: 8.0.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0-v2" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -64,6 +66,8 @@ spec: standalone: - < 8.0.14 version: 8.0.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.14" .Values.enableVersions.MySQL) }} {{ end }} @@ -85,10 +89,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -96,6 +100,8 @@ spec: standalone: - < 8.0.14 version: 8.0.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.14-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -117,10 +123,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -134,6 +140,8 @@ spec: standalone: - < 8.0.14 version: 8.0.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.14-v2" .Values.enableVersions.MySQL) }} {{ end }} @@ -155,10 +163,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -172,6 +180,8 @@ spec: standalone: - < 8.0.14 version: 8.0.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.14-v3" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.17-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.17-official.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.17-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.17-official.yaml index a5dc513..7dde9a8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.17-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.17-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "mysql") $) }}:8.0.17' distribution: Official @@ -23,10 +23,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.3-v2' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -40,6 +40,8 @@ spec: standalone: - < 8.0.17 version: 8.0.17 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.17" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.20-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.20-official.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.20-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.20-official.yaml index 104ef54..0ccdbd9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.20-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.20-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 8.0.20 version: 8.0.20 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0-v3" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -64,6 +66,8 @@ spec: standalone: - < 8.0.20 version: 8.0.20 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.20" .Values.enableVersions.MySQL) }} {{ end }} @@ -85,10 +89,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -102,6 +106,8 @@ spec: standalone: - < 8.0.20 version: 8.0.20 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.20-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -123,10 +129,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.17' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -140,6 +146,8 @@ spec: standalone: - < 8.0.20 version: 8.0.20 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.20-v2" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.21-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.21-official.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.21-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.21-official.yaml index ba711ae..2295939 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.21-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.21-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: denylist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - < 8.0.21 version: 8.0.21 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.21" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -70,6 +72,8 @@ spec: standalone: - < 8.0.21 version: 8.0.21 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.21-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -91,10 +95,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.21' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -108,6 +112,8 @@ spec: standalone: - < 8.0.21 version: 8.0.21 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.21-v2" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.23-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.23-official.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.23-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.23-official.yaml index 4ab1e1a..7e00aea 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.23-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.23-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -38,6 +38,8 @@ spec: standalone: - < 8.0.23 version: 8.0.23 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.23" .Values.enableVersions.MySQL) }} {{ end }} @@ -59,10 +61,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.21' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -76,6 +78,8 @@ spec: standalone: - < 8.0.23 version: 8.0.23 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.23-v1" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.26-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.26-official.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.26-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.26-official.yaml index 923c3af..42b8a27 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.26-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.26-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.21' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -38,6 +38,8 @@ spec: standalone: - < 8.0.26 version: 8.0.26 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.26" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-mysql.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-mysql.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-mysql.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-mysql.yaml index 3d66219..87fa66a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-mysql.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-mysql.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.dockerHub" (merge (dict "_repo" "mysql/mysql-server") $) }}:8.0.27' distribution: MySQL @@ -23,14 +23,14 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.26-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' router: image: '{{ include "image.dockerHub" (merge (dict "_repo" "mysql/mysql-router") $) }}:8.0.27' routerInitContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-router-init") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-router-init") $) }}:v0.31.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -44,6 +44,8 @@ spec: standalone: - < 8.0.27 version: 8.0.27 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.27-innodb" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-official.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-official.yaml index f90f8ea..0aa8c72 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.27-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "mysql") $) }}:8.0.27' distribution: Official @@ -23,10 +23,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.26-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -40,6 +40,8 @@ spec: standalone: - < 8.0.27 version: 8.0.27 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.27" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.29-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.29-official.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.29-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.29-official.yaml index ccc8c97..7436e23 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.29-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.29-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.0.29-oracle' distribution: Official @@ -23,10 +23,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -40,6 +40,8 @@ spec: standalone: - < 8.0.29 version: 8.0.29 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.29" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.3-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.3-official.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.3-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.3-official.yaml index cf41425..6bac403 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.3-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.3-official.yaml @@ -21,10 +21,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: allowlist: groupReplication: @@ -32,6 +32,8 @@ spec: standalone: - 8.0.3 version: 8.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -53,10 +55,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: allowlist: groupReplication: @@ -64,6 +66,8 @@ spec: standalone: - 8.0.3 version: 8.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.3" .Values.enableVersions.MySQL) }} {{ end }} @@ -85,10 +89,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 updateConstraints: allowlist: groupReplication: @@ -96,6 +100,8 @@ spec: standalone: - 8.0.3 version: 8.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.3-v1" .Values.enableVersions.MySQL) }} {{ end }} @@ -117,10 +123,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.dockerHub" (merge (dict "_repo" "tianon/toybox") $) }}:0.8.11' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -134,6 +140,8 @@ spec: standalone: - 8.0.3 version: 8.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.3-v2" .Values.enableVersions.MySQL) }} {{ end }} @@ -155,10 +163,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -172,6 +180,8 @@ spec: standalone: - 8.0.3 version: 8.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.3-v3" .Values.enableVersions.MySQL) }} {{ end }} @@ -185,7 +195,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "mysql") $) }}:8.0.3' distribution: Official @@ -195,10 +205,10 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.3-v2' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -212,6 +222,8 @@ spec: standalone: - 8.0.3 version: 8.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.3-v4" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.31-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.31-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.31-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.31-official.yaml index 73bfb7f..41f3764 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.31-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.31-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.0.31-oracle' distribution: Official @@ -23,10 +23,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -42,6 +40,8 @@ spec: standalone: - < 8.0.31 version: 8.0.31 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.31" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.32-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.32-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.32-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.32-official.yaml index 39b170d..3d48846 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.32-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/deprecated-mysql-8.0.32-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.0.32-oracle' distribution: Official @@ -23,10 +23,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -42,6 +40,8 @@ spec: standalone: - < 8.0.32 version: 8.0.32 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.32" .Values.enableVersions.MySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.42-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.42-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.42-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.42-official.yaml index 4637a37..56e182a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.42-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.42-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_5.7.44' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_5.7.44' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:5.7.42-debian' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7-v5' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 5.7.42 version: 5.7.42 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.44-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.44-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.44-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.44-official.yaml index b202488..79bfa4f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.44-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-5.7.44-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_5.7.44' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_5.7.44' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:5.7.44-oracle' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:5.7-v5' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 5.7.44 version: 5.7.44 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.31-mysql.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.31-mysql.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.31-mysql.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.31-mysql.yaml index 5e87373..d012e7c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.31-mysql.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.31-mysql.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_8.0.35' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_8.0.35' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.0.31-oracle' distribution: MySQL @@ -39,14 +39,12 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v4' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' router: image: '{{ include "image.dockerHub" (merge (dict "_repo" "mysql/mysql-router") $) }}:8.0.31' routerInitContainer: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-router-init") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-router-init") $) }}:v0.31.0' securityContext: runAsUser: 999 stash: @@ -70,4 +68,6 @@ spec: standalone: - < 8.0.31 version: 8.0.31 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.35-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.35-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.35-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.35-official.yaml index 7c1d413..77f2086 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.35-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.35-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_8.0.35' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_8.0.35' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.0.35-oracle' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v4' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 8.0.35 version: 8.0.35 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.36-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.36-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.36-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.36-official.yaml index a134d9e..be682bc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.36-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.0.36-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_8.0.35' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_8.0.35' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.0.36-debian' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v4' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 8.0.36 version: 8.0.36 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.1.0-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.1.0-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.1.0-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.1.0-official.yaml index d115508..f74c4e4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.1.0-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.1.0-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_8.1.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_8.1.0' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.1.0-oracle' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v4' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 8.1.0 version: 8.1.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.2.0-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.2.0-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.2.0-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.2.0-official.yaml index 3db63d1..c92ec0d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.2.0-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.2.0-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_8.2.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_8.2.0' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.2.0-oracle' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.0.31-v4' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 8.2.0 version: 8.2.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.2-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.2-official.yaml index 479b1ae..3468e6f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.2-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_8.4.3' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_8.4.3' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.4.2-oracle' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.4.2-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 8.4.2 version: 8.4.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.3-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.3-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.3-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.3-official.yaml index 391e018..9e91b6b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.3-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-8.4.3-official.yaml @@ -23,9 +23,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_8.4.3' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_8.4.3' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:8.4.3-oracle' distribution: Official @@ -35,10 +35,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:8.4.3-v3' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -62,4 +60,6 @@ spec: standalone: - < 8.4.3 version: 8.4.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.0.1-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.0.1-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.0.1-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.0.1-official.yaml index 0e26d28..0fa0631 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.0.1-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.0.1-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_9.1.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_9.1.0' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:9.0.1-oracle' distribution: Official @@ -39,10 +39,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:9.0.1-v1' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -66,4 +64,6 @@ spec: standalone: - < 9.0.1 version: 9.0.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.1.0-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.1.0-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.1.0-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.1.0-official.yaml index 8abd716..08eab15 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.1.0-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-9.1.0-official.yaml @@ -23,9 +23,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.13.0_9.1.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-archiver") $) }}:v0.14.0_9.1.0' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.30.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-coordinator") $) }}:v0.31.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/mysql") $) }}:9.1.0-oracle' distribution: Official @@ -35,10 +35,8 @@ spec: image: '{{ include "image.kubernetes" (merge (dict "_repo" "git-sync/git-sync") $) }}:v4.2.1' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-init") $) }}:9.1.0-v1' - podSecurityPolicies: - databasePolicyName: mysql-db replicationModeDetector: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.39.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/replication-mode-detector") $) }}:v0.40.0' securityContext: runAsUser: 999 stash: @@ -62,4 +60,6 @@ spec: standalone: - < 9.1.0 version: 9.1.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "mysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/mysql/mysql-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/mysql/mysql-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-5.7.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-5.7.yaml similarity index 82% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-5.7.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-5.7.yaml index de8bea2..864a1ea 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-5.7.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-5.7.yaml @@ -18,8 +18,8 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysqld-exporter") $) }}:v0.11.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db + securityContext: + runAsUser: 1001 stash: addon: backupTask: @@ -27,6 +27,8 @@ spec: restoreTask: name: perconaxtradb-restore-5.7 version: "5.7" + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7" .Values.enableVersions.PerconaXtraDB) }} {{ end }} @@ -45,8 +47,8 @@ spec: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysqld-exporter") $) }}:v0.11.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/busybox") $) }}' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db + securityContext: + runAsUser: 1001 stash: addon: backupTask: @@ -54,6 +56,8 @@ spec: restoreTask: name: perconaxtradb-restore-5.7 version: "5.7" + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.7-cluster" .Values.enableVersions.PerconaXtraDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.26.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.26.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.26.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.26.yaml index fe81bc0..d4d4754 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.26.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.26.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.25.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.26.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/percona-xtradb-cluster") $) }}:8.0.26' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-init") $) }}:0.2.3' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db securityContext: runAsUser: 1001 stash: @@ -34,6 +32,8 @@ spec: allowlist: - '>= 8.0.26, <= 8.0.31' version: 8.0.26 + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.26" .Values.enableVersions.PerconaXtraDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.28.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.28.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.28.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.28.yaml index 1c20e0f..3371279 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.28.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.28.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.25.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.26.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/percona-xtradb-cluster") $) }}:8.0.28' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-init") $) }}:0.2.3' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db securityContext: runAsUser: 1001 stash: @@ -34,6 +32,8 @@ spec: allowlist: - '>= 8.0.28, <= 8.0.31' version: 8.0.28 + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.28" .Values.enableVersions.PerconaXtraDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.31.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.31.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.31.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.31.yaml index 8f08572..45e225d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.31.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/deprecated-perconaxtradb-8.0.31.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.25.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.26.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/percona-xtradb-cluster") $) }}:8.0.31' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-init") $) }}:0.2.3' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db securityContext: runAsUser: 1001 stash: @@ -34,6 +32,8 @@ spec: allowlist: - '>= 8.0.31, <= 8.0.31' version: 8.0.31 + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "8.0.31" .Values.enableVersions.PerconaXtraDB) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-5.7.44.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-5.7.44.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-5.7.44.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-5.7.44.yaml index a82b478..e9f32b4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-5.7.44.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-5.7.44.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.25.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.26.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/percona-xtradb-cluster") $) }}:5.7.44' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-init") $) }}:0.2.3' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db securityContext: runAsUser: 1001 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 5.7.44, <= 5.7.44' version: 5.7.44 + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.0.40.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.0.40.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.0.40.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.0.40.yaml index f6cc440..f612cc9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.0.40.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.0.40.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.25.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.26.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/percona-xtradb-cluster") $) }}:8.0.40' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-init") $) }}:0.2.3' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db securityContext: runAsUser: 1001 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 8.0.40, <= 8.4.3' version: 8.0.40 + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.4.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.4.3.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.4.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.4.3.yaml index 43f9b2b..86609dc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.4.3.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-8.4.3.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.25.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-coordinator") $) }}:v0.26.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/percona-xtradb-cluster") $) }}:8.4.3' exporter: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prom/mysqld-exporter") $) }}:v0.13.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/percona-xtradb-init") $) }}:0.2.3' - podSecurityPolicies: - databasePolicyName: percona-xtradb-db securityContext: runAsUser: 1001 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 8.4.3' version: 8.4.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "percona-xtradb-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/perconaxtradb/perconaxtradb-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.17.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.17.0.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.17.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.17.0.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.18.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.18.0.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.18.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.18.0.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.23.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.23.1.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.23.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.23.1.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.24.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.24.0.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.24.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgbouncer/pgbouncer-1.24.0.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.5.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.5.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.5.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.5.yaml index 6605a8b..1c40d62 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.5.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.5.yaml @@ -21,6 +21,6 @@ spec: runAsUser: 70 updateConstraints: allowlist: - - '>= 4.4.5, <= 4.5.3' + - '>= 4.4.5, <= 4.6.0' version: 4.4.5 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.8.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.8.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.8.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.8.yaml index 758fc8b..55fad7e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.8.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.4.8.yaml @@ -21,6 +21,6 @@ spec: runAsUser: 70 updateConstraints: allowlist: - - '>= 4.4.8, <= 4.5.3' + - '>= 4.4.8, <= 4.6.0' version: 4.4.8 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.0.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.0.yaml index a7d2544..1cdcadf 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.0.yaml @@ -21,6 +21,6 @@ spec: runAsUser: 70 updateConstraints: allowlist: - - '>= 4.5.0, <= 4.5.3' + - '>= 4.5.0, <= 4.6.0' version: 4.5.0 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.3.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.3.yaml index b393732..0b7ac83 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.3.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.5.3.yaml @@ -21,6 +21,6 @@ spec: runAsUser: 70 updateConstraints: allowlist: - - '>= 4.5.3, <= 4.5.3' + - '>= 4.5.3, <= 4.6.0' version: 4.5.3 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.6.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.6.0.yaml new file mode 100644 index 0000000..446172c --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/pgpool/pgpool-4.6.0.yaml @@ -0,0 +1,26 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Pgpool }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PgpoolVersion +metadata: + name: '4.6.0' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + exporter: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/pgpool2_exporter") $) }}:v1.2.2' + pgpool: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/pgpool2") $) }}:4.6.0' + securityContext: + runAsAnyNonRoot: true + runAsUser: 70 + updateConstraints: + allowlist: + - '>= 4.6.0, <= 4.6.0' + version: 4.6.0 +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.16-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.16-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.16-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.16-official.yaml index fb08298..40e750c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.16-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.16-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:10.16-alpine' @@ -22,8 +22,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -37,6 +35,8 @@ spec: allowlist: - '>= 10.19, =< 13.2' version: "10.16" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.16" .Values.enableVersions.Postgres) }} {{ end }} @@ -50,7 +50,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:10.16' @@ -59,8 +59,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -75,6 +73,8 @@ spec: - "10.19" - "11.11" version: "10.16" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.16-debian" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.19-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.19-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.19-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.19-official.yaml index cfdbc0e..1e912f6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.19-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.19-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:10.19-bullseye' @@ -22,8 +22,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -37,6 +35,8 @@ spec: allowlist: - '>= 11.14, <= 14.1' version: "10.19" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.19" .Values.enableVersions.Postgres) }} {{ end }} @@ -50,7 +50,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:10.19-bullseye' @@ -59,8 +59,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -74,6 +72,8 @@ spec: allowlist: - '>= 11.14, <= 14.1' version: "10.19" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.19-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.2-official.yaml similarity index 77% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.2-official.yaml index a01d667..26956e1 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.2-official.yaml @@ -17,9 +17,12 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 version: "10.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.2" .Values.enableVersions.Postgres) }} {{ end }} @@ -37,9 +40,12 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.6' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 version: "10.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.2-v1" .Values.enableVersions.Postgres) }} {{ end }} @@ -57,8 +63,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -66,6 +73,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.2-v2" .Values.enableVersions.Postgres) }} {{ end }} @@ -83,8 +92,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -92,6 +102,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.2-v3" .Values.enableVersions.Postgres) }} {{ end }} @@ -109,8 +121,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -118,6 +131,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.2-v4" .Values.enableVersions.Postgres) }} {{ end }} @@ -135,8 +150,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -144,6 +160,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.2-v5" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.20-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.20-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.20-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.20-official.yaml index 2867f71..1004294 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.20-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.20-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:10.20-bullseye' @@ -22,8 +22,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -37,6 +35,8 @@ spec: allowlist: - '>= 11.14, <= 14.1' version: "10.20" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.20" .Values.enableVersions.Postgres) }} {{ end }} @@ -50,7 +50,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:10.20-bullseye' @@ -59,8 +59,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -74,6 +72,8 @@ spec: allowlist: - '>= 11.14, <= 14.1' version: "10.20" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.20-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.6-official.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.6-official.yaml index 8dae1b2..3f8b17c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-10.6-official.yaml @@ -17,8 +17,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -26,6 +27,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.6" .Values.enableVersions.Postgres) }} {{ end }} @@ -43,8 +46,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -52,6 +56,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.6-v1" .Values.enableVersions.Postgres) }} {{ end }} @@ -69,8 +75,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -78,6 +85,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.6-v2" .Values.enableVersions.Postgres) }} {{ end }} @@ -95,8 +104,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -104,6 +114,8 @@ spec: restoreTask: name: postgres-restore-10.14.0-v4 version: "10.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "10.6-v3" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.1-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.1-official.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.1-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.1-official.yaml index 78c36c3..9d1c666 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.1-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.1-official.yaml @@ -17,8 +17,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -26,6 +27,8 @@ spec: restoreTask: name: postgres-restore-11.9.0-v4 version: "11.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.1" .Values.enableVersions.Postgres) }} {{ end }} @@ -43,8 +46,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -52,6 +56,8 @@ spec: restoreTask: name: postgres-restore-11.9.0-v4 version: "11.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.1-v1" .Values.enableVersions.Postgres) }} {{ end }} @@ -69,8 +75,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -78,6 +85,8 @@ spec: restoreTask: name: postgres-restore-11.9.0-v4 version: "11.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.1-v2" .Values.enableVersions.Postgres) }} {{ end }} @@ -95,8 +104,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -104,6 +114,8 @@ spec: restoreTask: name: postgres-restore-11.9.0-v4 version: "11.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.1-v3" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-official.yaml index 90f8cda..086730d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.11-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - '>= 11.14, <= 13.2' version: "11.11" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.11" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.11' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "11.14" version: "11.11" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.11-debian" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-timescaledb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-timescaledb.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-timescaledb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-timescaledb.yaml index 39e355a..7b76f87 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-timescaledb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.11-timescaledb.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_11.22-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_11.22-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: image: '{{ include "image.dockerHub" (merge (dict "_repo" "timescale/timescaledb") $) }}:2.1.0-pg11-oss' distribution: TimescaleDB @@ -37,8 +37,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -49,6 +47,8 @@ spec: restoreTask: name: postgres-restore-11.9 version: "11.11" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "timescaledb-2.1.0-pg11" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.14-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.14-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.14-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.14-official.yaml index 5f8b1a3..4e897b3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.14-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.14-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.14-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.14" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.14" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.14-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.14" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.14-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.15-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.15-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.15-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.15-official.yaml index 4921906..8209b4c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.15-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.15-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.15-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.15" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.15" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.15-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.15" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.15-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.19-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.19-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.19-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.19-official.yaml index f29afda..15895f6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.19-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.19-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.19-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.19" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.19" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.19-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.19" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.19-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.2-official.yaml similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.2-official.yaml index 276baa6..b83597f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.2-official.yaml @@ -17,8 +17,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -26,6 +27,8 @@ spec: restoreTask: name: postgres-restore-11.9.0-v4 version: "11.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.2" .Values.enableVersions.Postgres) }} {{ end }} @@ -43,8 +46,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -52,6 +56,8 @@ spec: restoreTask: name: postgres-restore-11.9.0-v4 version: "11.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.2-v1" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.20-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.20-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.20-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.20-official.yaml index f10c89f..070acbf 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.20-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-11.20-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.20-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.20" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.20" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:11.20-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - '>= 12.9, <= 14.1' version: "11.20" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "11.20-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.10-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.10-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.10-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.10-official.yaml index 478e562..34a1178 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.10-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.10-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.10-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -54,6 +52,8 @@ spec: - "13.5" - "14.1" version: "12.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.10" .Values.enableVersions.Postgres) }} {{ end }} @@ -81,9 +81,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.10-bullseye' @@ -92,8 +92,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -108,6 +106,8 @@ spec: - "13.5" - "14.1" version: "12.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.10-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.13-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.13-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.13-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.13-official.yaml index e6254a5..cddb6f4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.13-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.13-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.13-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -54,6 +52,8 @@ spec: - "13.5" - "14.1" version: "12.13" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.13" .Values.enableVersions.Postgres) }} {{ end }} @@ -81,9 +81,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.13-bullseye' @@ -92,8 +92,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -108,6 +106,8 @@ spec: - "13.5" - "14.1" version: "12.13" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.13-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.14-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.14-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.14-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.14-official.yaml index 17fed17..90200b3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.14-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.14-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.14-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -54,6 +52,8 @@ spec: - "13.5" - "14.1" version: "12.14" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.14" .Values.enableVersions.Postgres) }} {{ end }} @@ -81,9 +81,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.14-bullseye' @@ -92,8 +92,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -108,6 +106,8 @@ spec: - "13.5" - "14.1" version: "12.14" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.14-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.15-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.15-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.15-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.15-official.yaml index 4c61f85..3dc5b1f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.15-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.15-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.15-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -54,6 +52,8 @@ spec: - "13.5" - "14.1" version: "12.15" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.15" .Values.enableVersions.Postgres) }} {{ end }} @@ -81,9 +81,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.15-bullseye' @@ -92,8 +92,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -108,6 +106,8 @@ spec: - "13.5" - "14.1" version: "12.15" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.15-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-official.yaml index 3a9aa1a..104d4b3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.6-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -54,6 +52,8 @@ spec: - "12.9" - "13.2" version: "12.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.6" .Values.enableVersions.Postgres) }} {{ end }} @@ -81,9 +81,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.6' @@ -92,8 +92,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -108,6 +106,8 @@ spec: - "12.9" - "13.2" version: "12.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.6-debian" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-timescaledb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-timescaledb.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-timescaledb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-timescaledb.yaml index 1c27d4c..8b77677 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-timescaledb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.6-timescaledb.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_12.17-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_12.17-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: image: '{{ include "image.dockerHub" (merge (dict "_repo" "timescale/timescaledb") $) }}:2.1.0-pg12-oss' distribution: TimescaleDB @@ -37,8 +37,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -49,6 +47,8 @@ spec: restoreTask: name: postgres-restore-12.4 version: "12.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "timescaledb-2.1.0-pg12" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.9-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.9-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.9-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.9-official.yaml index 7bc1ef2..478d551 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.9-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-12.9-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.9-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -54,6 +52,8 @@ spec: - "13.5" - "14.1" version: "12.9" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.9" .Values.enableVersions.Postgres) }} {{ end }} @@ -81,9 +81,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:12.9-bullseye' @@ -92,8 +92,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -108,6 +106,8 @@ spec: - "13.5" - "14.1" version: "12.9" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "12.9-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.10-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.10-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.10-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.10-official.yaml index fd7a88e..10aa7c8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.10-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.10-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.10-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.1" version: "13.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.10" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.10-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.1" version: "13.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.10-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.11-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.11-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.11-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.11-official.yaml index 3bc602d..c085d2e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.11-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.11-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.11-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.1" version: "13.11" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.11" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.11-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.1" version: "13.11" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.11-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.2-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.2-official.yaml index d1bce51..08d2603 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.2-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.2-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 13.2' version: "13.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.2" .Values.enableVersions.Postgres) }} {{ end }} @@ -85,9 +85,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.2' @@ -96,8 +96,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -116,6 +114,8 @@ spec: allowlist: - '>= 13.2' version: "13.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.2-debian" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.5-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.5-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.5-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.5-official.yaml index 3b11834..adfbd29 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.5-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.5-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.5-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.1" version: "13.5" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.5" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.5-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.1" version: "13.5" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.5-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.6-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.6-official.yaml index 296e772..57a8d89 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.6-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.6-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.1" version: "13.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.6" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.6-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.1" version: "13.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.6-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.9-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.9-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.9-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.9-official.yaml index 17fcad2..d0b1d1b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.9-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-13.9-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.9-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.1" version: "13.9" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.9" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:13.9-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.1" version: "13.9" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "13.9-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.1-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.1-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.1-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.1-official.yaml index ef5172c..9da038e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.1-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.1-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.1-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.2" version: "14.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.1" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.1-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.2" version: "14.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.1-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.2-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.2-official.yaml index 6eed1fc..91f1032 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.2-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.2-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 14.2' version: "14.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.2" .Values.enableVersions.Postgres) }} {{ end }} @@ -85,9 +85,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.2-bullseye' @@ -96,8 +96,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -116,6 +114,8 @@ spec: allowlist: - '>= 14.2' version: "14.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.2-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.6-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.6-official.yaml index 4a5085e..bcf226e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.6-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.6-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -50,6 +48,8 @@ spec: restoreTask: name: postgres-restore-14.0 version: "14.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.6" .Values.enableVersions.Postgres) }} {{ end }} @@ -77,9 +77,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.6-bullseye' @@ -88,8 +88,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -100,6 +98,8 @@ spec: restoreTask: name: postgres-restore-14.0 version: "14.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.6-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.7-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.7-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.7-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.7-official.yaml index 91b28ec..c131483 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.7-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.7-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.7-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -50,6 +48,8 @@ spec: restoreTask: name: postgres-restore-14.0 version: "14.7" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.7" .Values.enableVersions.Postgres) }} {{ end }} @@ -77,9 +77,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.7-bullseye' @@ -88,8 +88,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -100,6 +98,8 @@ spec: restoreTask: name: postgres-restore-14.0 version: "14.7" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.7-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.8-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.8-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.8-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.8-official.yaml index a4e81ee..1b1ca20 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.8-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-14.8-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.8-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -50,6 +48,8 @@ spec: restoreTask: name: postgres-restore-14.0 version: "14.8" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.8" .Values.enableVersions.Postgres) }} {{ end }} @@ -77,9 +77,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:14.8-bullseye' @@ -88,8 +88,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -100,6 +98,8 @@ spec: restoreTask: name: postgres-restore-14.0 version: "14.8" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "14.8-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.1-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.1-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.1-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.1-official.yaml index b5b578f..052d0d1 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.1-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.1-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:15.1-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.2" version: "15.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "15.1" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:15.1-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.2" version: "15.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "15.1-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.2-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.2-official.yaml index ea90cb5..edef0f9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.2-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:15.2-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.2" version: "15.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "15.2" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:15.2-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.2" version: "15.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "15.2-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.3-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.3-official.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.3-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.3-official.yaml index 2d86e2c..1ab7009 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.3-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-15.3-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:15.3-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -53,6 +51,8 @@ spec: allowlist: - "14.2" version: "15.3" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "15.3" .Values.enableVersions.Postgres) }} {{ end }} @@ -80,9 +80,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.13.0") $) }}' + image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "v0.14.0") $) }}' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:15.3-bullseye' @@ -91,8 +91,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -106,6 +104,8 @@ spec: allowlist: - "14.2" version: "15.3" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "15.3-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6-official.yaml similarity index 77% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6-official.yaml index 4238a07..e98ec13 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6-official.yaml @@ -17,9 +17,12 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 version: "9.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6" .Values.enableVersions.Postgres) }} {{ end }} @@ -37,9 +40,12 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.6' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 version: "9.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6-v1" .Values.enableVersions.Postgres) }} {{ end }} @@ -57,8 +63,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -66,6 +73,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: "9.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6-v2" .Values.enableVersions.Postgres) }} {{ end }} @@ -83,8 +92,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -92,6 +102,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: "9.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6-v3" .Values.enableVersions.Postgres) }} {{ end }} @@ -109,8 +121,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -118,6 +131,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: "9.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6-v4" .Values.enableVersions.Postgres) }} {{ end }} @@ -135,8 +150,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -144,6 +160,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: "9.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6-v5" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.21-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.21-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.21-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.21-official.yaml index c436e97..5650dde 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.21-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.21-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:9.6.21-alpine' @@ -22,8 +22,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -37,6 +35,8 @@ spec: allowlist: - '>= 9.6.24, <= 13.2' version: 9.6.21 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.21" .Values.enableVersions.Postgres) }} {{ end }} @@ -50,7 +50,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: debian image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:9.6.21' @@ -59,8 +59,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -75,6 +73,8 @@ spec: - "12.6" - "13.2" version: 9.6.21 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.21-debian" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.24-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.24-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.24-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.24-official.yaml index 15e430d..6c2bc5e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.24-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.24-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:9.6.24-alpine' @@ -22,8 +22,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -37,6 +35,8 @@ spec: allowlist: - '>= 10.19, <=14.1' version: 9.6.24 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.24" .Values.enableVersions.Postgres) }} {{ end }} @@ -50,7 +50,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "postgres") $) }}:9.6.24-bullseye' @@ -59,8 +59,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -74,6 +72,8 @@ spec: allowlist: - '>= 10.19, <= 14.1' version: 9.6.24 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.24-bullseye" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.7-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.7-official.yaml similarity index 77% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.7-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.7-official.yaml index fc0f4d2..d960388 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.7-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/deprecated-postgres-9.6.7-official.yaml @@ -17,9 +17,12 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 version: 9.6.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.7" .Values.enableVersions.Postgres) }} {{ end }} @@ -37,9 +40,12 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.6' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 version: 9.6.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.7-v1" .Values.enableVersions.Postgres) }} {{ end }} @@ -57,8 +63,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -66,6 +73,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: 9.6.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.7-v2" .Values.enableVersions.Postgres) }} {{ end }} @@ -83,8 +92,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -92,6 +102,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: 9.6.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.7-v3" .Values.enableVersions.Postgres) }} {{ end }} @@ -109,8 +121,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -118,6 +131,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: 9.6.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.7-v4" .Values.enableVersions.Postgres) }} {{ end }} @@ -135,8 +150,9 @@ spec: distribution: Official exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres_exporter") $) }}:v0.4.7' - podSecurityPolicies: - databasePolicyName: postgres-db + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 stash: addon: backupTask: @@ -144,6 +160,8 @@ spec: restoreTask: name: postgres-restore-9.6.19-v4 version: 9.6.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "9.6.7-v5" .Values.enableVersions.Postgres) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-10.23-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-10.23-official.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-10.23-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-10.23-official.yaml index de9ee1d..dbb9caf 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-10.23-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-10.23-official.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:10.23-alpine' @@ -22,8 +22,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -40,8 +38,10 @@ spec: version: v2024.4.27 updateConstraints: allowlist: - - '>= 10.23, <= 16.6' + - '>= 10.23, <= 16.8' version: "10.23" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -53,7 +53,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:10.23-bullseye' @@ -62,8 +62,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -80,6 +78,8 @@ spec: version: v2024.4.27 updateConstraints: allowlist: - - '>= 10.23, <= 16.6' + - '>= 10.23, <= 16.8' version: "10.23" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-official.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-official.yaml index 9a04244..542d19f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_11.22-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_11.22-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:11.22-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -56,8 +54,10 @@ spec: version: v2024.4.27 updateConstraints: allowlist: - - '>= 11.22, <= 16.6' + - '>= 11.22, <= 16.8' version: "11.22" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_11.22-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_11.22-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:11.22-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -112,6 +110,8 @@ spec: version: v2024.4.27 updateConstraints: allowlist: - - '>= 11.22, <= 16.6' + - '>= 11.22, <= 16.8' version: "11.22" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-postgis.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-postgis.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-postgis.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-postgis.yaml index 57580b9..6372d0f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-postgis.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-11.22-postgis.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_11.22-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_11.22-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: image: '{{ include "image.dockerHub" (merge (dict "_repo" "postgis/postgis") $) }}:11-3.3' distribution: PostGIS @@ -37,8 +37,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -55,6 +53,8 @@ spec: version: v2024.4.27 updateConstraints: allowlist: - - '>= 11.22, <= 16.6' + - '>= 11.22, <= 16.8' version: "11.22" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.17-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.17-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.17-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.17-official.yaml index 153f8f4..1ac7213 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.17-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.17-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_12.17-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_12.17-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:12.17-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 12.17' version: "12.17" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_12.17-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_12.17-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:12.17-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 12.17' version: "12.17" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.18-postgis.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.18-postgis.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.18-postgis.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.18-postgis.yaml index a3f2a17..a74cb7a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.18-postgis.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.18-postgis.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_12.17-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_12.17-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: image: '{{ include "image.dockerHub" (merge (dict "_repo" "postgis/postgis") $) }}:12-3.4' distribution: PostGIS @@ -37,8 +37,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 12.18' version: "12.18" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.22-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.22-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.22-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.22-official.yaml index b7ea781..e7da8ce 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.22-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-12.22-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_12.17-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_12.17-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:12.22-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 12.22' version: "12.22" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_12.17-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_12.17-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:12.22-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 12.22' version: "12.22" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.13-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.13-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.13-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.13-official.yaml index af617d8..29db787 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.13-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.13-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:13.13-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 13.13' version: "13.13" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:13.13-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 13.13' version: "13.13" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-postgis.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-postgis.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-postgis.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-postgis.yaml index 237eda0..3088b95 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-postgis.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-postgis.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: image: '{{ include "image.dockerHub" (merge (dict "_repo" "postgis/postgis") $) }}:13-3.4' distribution: PostGIS @@ -37,8 +37,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 13.14' version: "13.14" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-timescaledb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-timescaledb.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-timescaledb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-timescaledb.yaml index fe1b44c..e72252c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-timescaledb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.14-timescaledb.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerHub" (merge (dict "_repo" "timescale/timescaledb") $) }}:2.14.2-pg13-oss' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,4 +56,6 @@ spec: allowlist: - '>= 13.14' version: "13.14" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.18-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.18-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.18-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.18-official.yaml index 25d71ce..be69fb8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.18-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.18-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:13.18-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 13.18' version: "13.18" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_13.13-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:13.18-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 13.18' version: "13.18" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.20-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.20-official.yaml new file mode 100644 index 0000000..84a08da --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-13.20-official.yaml @@ -0,0 +1,117 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '13.20' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-alpine' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: alpine + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:13.20-alpine' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: false + runAsUser: 70 + stash: + addon: + backupTask: + name: postgres-backup-13.1 + restoreTask: + name: postgres-restore-13.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 13.20' + version: "13.20" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} + +--- + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '13.20-bookworm' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_13.13-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:13.20-bookworm' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-13.1 + restoreTask: + name: postgres-restore-13.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 13.20' + version: "13.20" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.10-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.10-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.10-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.10-official.yaml index 8af9cda..b0e9987 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.10-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.10-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.10-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 14.10' version: "14.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.10-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 14.10' version: "14.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-postgis.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-postgis.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-postgis.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-postgis.yaml index 8eea118..92c16f8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-postgis.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-postgis.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: image: '{{ include "image.dockerHub" (merge (dict "_repo" "postgis/postgis") $) }}:14-3.4' distribution: PostGIS @@ -37,8 +37,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -57,4 +55,6 @@ spec: allowlist: - '>= 14.11' version: "14.11" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-timescaledb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-timescaledb.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-timescaledb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-timescaledb.yaml index 53b6b7d..389889a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-timescaledb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.11-timescaledb.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerHub" (merge (dict "_repo" "timescale/timescaledb") $) }}:2.14.2-pg14-oss' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,4 +56,6 @@ spec: allowlist: - '>= 14.11' version: "14.11" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.13-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.13-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.13-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.13-official.yaml index ca567b1..e69dc20 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.13-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.13-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.13-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -60,6 +58,8 @@ spec: allowlist: - '>= 14.13' version: "14.13" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -85,9 +85,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.13-bookworm' @@ -96,8 +96,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -118,4 +116,6 @@ spec: allowlist: - '>= 14.13' version: "14.13" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.15-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.15-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.15-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.15-official.yaml index 5450962..abb9813 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.15-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.15-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.15-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 14.15' version: "14.15" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_14.10-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.15-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 14.15' version: "14.15" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.17-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.17-official.yaml new file mode 100644 index 0000000..8522ee7 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-14.17-official.yaml @@ -0,0 +1,117 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '14.17' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-alpine' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: alpine + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.17-alpine' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: false + runAsUser: 70 + stash: + addon: + backupTask: + name: postgres-backup-14.0 + restoreTask: + name: postgres-restore-14.0 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 14.17' + version: "14.17" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} + +--- + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '14.17-bookworm' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_14.10-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:14.17-bookworm' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-14.0 + restoreTask: + name: postgres-restore-14.0 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 14.17' + version: "14.17" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.10-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.10-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.10-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.10-official.yaml index ac38998..5b1f590 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.10-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.10-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.10-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 15.10' version: "15.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.10-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 15.10' version: "15.10" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.12-documentdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.12-documentdb.yaml new file mode 100644 index 0000000..44cd70a --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.12-documentdb.yaml @@ -0,0 +1,61 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '15.12-documentdb' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres-documentdb") $) }}:15-0.102.0-ferretdb-2.0.0' + distribution: DocumentDB + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-15.1 + restoreTask: + name: postgres-restore-15.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 15.12' + version: "15.12" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.12-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.12-official.yaml new file mode 100644 index 0000000..bc4a356 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.12-official.yaml @@ -0,0 +1,117 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '15.12' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-alpine' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: alpine + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.12-alpine' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: false + runAsUser: 70 + stash: + addon: + backupTask: + name: postgres-backup-15.1 + restoreTask: + name: postgres-restore-15.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 15.12' + version: "15.12" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} + +--- + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '15.12-bookworm' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.12-bookworm' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-15.1 + restoreTask: + name: postgres-restore-15.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 15.12' + version: "15.12" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.5-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.5-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.5-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.5-official.yaml index dc90b5a..ef0af1b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.5-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.5-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.5-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 15.5' version: "15.5" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.5-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 15.5' version: "15.5" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-official.yaml index 4a78d28..a629215 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerHub" (merge (dict "_repo" "timescale/timescaledb") $) }}:2.14.2-pg15-oss' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,4 +56,6 @@ spec: allowlist: - '>= 15.6' version: "15.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-postgis.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-postgis.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-postgis.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-postgis.yaml index e858765..20a991e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-postgis.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.6-postgis.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerHub" (merge (dict "_repo" "postgis/postgis") $) }}:15-3.4' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -58,4 +56,6 @@ spec: allowlist: - '>= 15.6' version: "15.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.8-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.8-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.8-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.8-official.yaml index 33732ee..c0cb53c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.8-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-15.8-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.8-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -60,6 +58,8 @@ spec: allowlist: - '>= 15.8' version: "15.8" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -85,9 +85,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_15.5-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_15.5-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:15.8-bookworm' @@ -96,8 +96,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -118,4 +116,6 @@ spec: allowlist: - '>= 15.8' version: "15.8" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.1-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.1-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.1-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.1-official.yaml index cd883f4..44e8b25 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.1-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.1-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.1-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 16.1' version: "16.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.1-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 16.1' version: "16.1" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-official.yaml index bff1d1f..cf64a6a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.dockerHub" (merge (dict "_repo" "timescale/timescaledb") $) }}:2.14.2-pg16-oss' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,4 +56,6 @@ spec: allowlist: - '>= 16.2' version: "16.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-postgis.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-postgis.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-postgis.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-postgis.yaml index d8ef86b..e7aa319 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-postgis.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.2-postgis.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bullseye image: '{{ include "image.dockerHub" (merge (dict "_repo" "postgis/postgis") $) }}:16-3.4' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -58,4 +56,6 @@ spec: allowlist: - '>= 16.2' version: "16.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.4-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.4-official.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.4-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.4-official.yaml index be3ae8d..03caafb 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.4-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.4-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.4-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -60,6 +58,8 @@ spec: allowlist: - '>= 16.4' version: "16.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -85,9 +85,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.4-bookworm' @@ -96,8 +96,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -118,4 +116,6 @@ spec: allowlist: - '>= 16.4' version: "16.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.6-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.6-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.6-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.6-official.yaml index 0e5143d..4dde46a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.6-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.6-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.6-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 16.6' version: "16.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_16.1-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.6-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 16.6' version: "16.6" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.8-documentdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.8-documentdb.yaml new file mode 100644 index 0000000..a130631 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.8-documentdb.yaml @@ -0,0 +1,61 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '16.8-documentdb' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres-documentdb") $) }}:16-0.102.0-ferretdb-2.0.0' + distribution: DocumentDB + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-16.1 + restoreTask: + name: postgres-restore-16.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 16.8' + version: "16.8" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.8-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.8-official.yaml new file mode 100644 index 0000000..0ea4ffc --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-16.8-official.yaml @@ -0,0 +1,117 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '16.8' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-alpine' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: alpine + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.8-alpine' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: false + runAsUser: 70 + stash: + addon: + backupTask: + name: postgres-backup-16.1 + restoreTask: + name: postgres-restore-16.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 16.8' + version: "16.8" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} + +--- + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '16.8-bookworm' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_16.1-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:16.8-bookworm' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-16.1 + restoreTask: + name: postgres-restore-16.1 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 16.8' + version: "16.8" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.2-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.2-official.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.2-official.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.2-official.yaml index a393011..a378f14 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.2-official.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.2-official.yaml @@ -27,9 +27,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_17.2-alpine' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_17.2-alpine' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: alpine image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:17.2-alpine' @@ -38,8 +38,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: false runAsUser: 70 @@ -58,6 +56,8 @@ spec: allowlist: - '>= 17.2' version: "17.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} --- @@ -83,9 +83,9 @@ spec: volumeSnapshot: name: volume-snapshot walg: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.13.0_17.2-bookworm' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_17.2-bookworm' coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.36.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' db: baseOS: bookworm image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:17.2-bookworm' @@ -94,8 +94,6 @@ spec: image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' - podSecurityPolicies: - databasePolicyName: postgres-db securityContext: runAsAnyNonRoot: true runAsUser: 999 @@ -114,4 +112,6 @@ spec: allowlist: - '>= 17.2' version: "17.2" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.4-documentdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.4-documentdb.yaml new file mode 100644 index 0000000..196119e --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.4-documentdb.yaml @@ -0,0 +1,61 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '17.4-documentdb' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_17.2-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres-documentdb") $) }}:17-0.102.0-ferretdb-2.0.0' + distribution: DocumentDB + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-17.2 + restoreTask: + name: postgres-restore-17.2 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - "17.4" + version: "17.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.4-official.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.4-official.yaml new file mode 100644 index 0000000..e313004 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-17.4-official.yaml @@ -0,0 +1,117 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Postgres }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '17.4' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_17.2-alpine' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: alpine + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:17.4-alpine' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: false + runAsUser: 70 + stash: + addon: + backupTask: + name: postgres-backup-17.2 + restoreTask: + name: postgres-restore-17.2 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 17.4' + version: "17.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} + +--- + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: PostgresVersion +metadata: + name: '17.4-bookworm' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + archiver: + addon: + name: postgres-addon + tasks: + fullBackup: + name: physical-backup + fullBackupRestore: + name: physical-backup-restore + manifestBackup: + name: manifest-backup + manifestRestore: + name: manifest-restore + volumeSnapshot: + name: volume-snapshot + walg: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-archiver") $) }}:v0.14.0_17.2-bookworm' + coordinator: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/pg-coordinator") $) }}:v0.37.0' + db: + baseOS: bookworm + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/postgres") $) }}:17.4-bookworm' + distribution: Official + exporter: + image: '{{ include "image.dockerHub" (merge (dict "_repo" "prometheuscommunity/postgres-exporter") $) }}:v0.15.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-init") $) }}:0.17.1' + securityContext: + runAsAnyNonRoot: true + runAsUser: 999 + stash: + addon: + backupTask: + name: postgres-backup-17.2 + restoreTask: + name: postgres-restore-17.2 + ui: + - name: pgadmin + version: v2024.4.27 + - name: dbgate + version: v2024.4.27 + updateConstraints: + allowlist: + - '>= 17.4' + version: "17.4" + podSecurityPolicies: + databasePolicyName: {{ ternary "postgres-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/postgres/postgres-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/postgres/postgres-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.0.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.0.4.yaml similarity index 80% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.0.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.0.4.yaml index baf8e78..55dc577 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.0.4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.0.4.yaml @@ -14,11 +14,13 @@ metadata: spec: exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql-exporter") $) }}:v1.1.0' - podSecurityPolicies: - databasePolicyName: proxysql-db proxysql: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql") $) }}:v2.0.4' + securityContext: + runAsUser: 999 version: 2.0.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "proxysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "2.0.4" .Values.enableVersions.ProxySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.3.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.3.2.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.3.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.3.2.yaml index 4a6b919..ff81e41 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.3.2.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/deprecated-proxysql-2.3.2.yaml @@ -14,11 +14,13 @@ metadata: spec: exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql-exporter") $) }}:v1.1.0' - podSecurityPolicies: - databasePolicyName: proxysql-db proxysql: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql") $) }}:2.3.2-debian' + securityContext: + runAsUser: 999 version: 2.3.2 + podSecurityPolicies: + databasePolicyName: {{ ternary "proxysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "2.3.2" .Values.enableVersions.ProxySQL) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-centos.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-centos.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-centos.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-centos.yaml index d1f7ee0..75de61f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-centos.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-centos.yaml @@ -14,8 +14,6 @@ metadata: spec: exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql-exporter") $) }}:v1.1.0' - podSecurityPolicies: - databasePolicyName: proxysql-db proxysql: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql") $) }}:2.3.2-centos-v2' securityContext: @@ -24,4 +22,6 @@ spec: allowlist: - '>= 2.3.2-centos, <= 2.6.3-debian' version: 2.3.2-centos + podSecurityPolicies: + databasePolicyName: {{ ternary "proxysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-debian.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-debian.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-debian.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-debian.yaml index 116206d..8728abe 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-debian.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.3.2-debian.yaml @@ -14,8 +14,6 @@ metadata: spec: exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql-exporter") $) }}:v1.1.0' - podSecurityPolicies: - databasePolicyName: proxysql-db proxysql: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql") $) }}:2.3.2-debian-v2' securityContext: @@ -24,4 +22,6 @@ spec: allowlist: - '>= 2.3.2-debian, <= 2.6.3-debian' version: 2.3.2-debian + podSecurityPolicies: + databasePolicyName: {{ ternary "proxysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-centos.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-centos.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-centos.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-centos.yaml index 305df02..97cc172 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-centos.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-centos.yaml @@ -14,8 +14,6 @@ metadata: spec: exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql-exporter") $) }}:v1.1.0' - podSecurityPolicies: - databasePolicyName: proxysql-db proxysql: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql") $) }}:2.4.4-centos' securityContext: @@ -24,4 +22,6 @@ spec: allowlist: - '>= 2.4.4-centos, <= 2.6.3-debian' version: 2.4.4-centos + podSecurityPolicies: + databasePolicyName: {{ ternary "proxysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-debian.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-debian.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-debian.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-debian.yaml index 618d00a..0926d77 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-debian.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.4.4-debian.yaml @@ -14,8 +14,6 @@ metadata: spec: exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql-exporter") $) }}:v1.1.0' - podSecurityPolicies: - databasePolicyName: proxysql-db proxysql: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql") $) }}:2.4.4-debian' securityContext: @@ -24,4 +22,6 @@ spec: allowlist: - '>= 2.4.4-debian, <= 2.6.3-debian' version: 2.4.4-debian + podSecurityPolicies: + databasePolicyName: {{ ternary "proxysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.6.3-debian.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.6.3-debian.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.6.3-debian.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.6.3-debian.yaml index 3cfb43c..52f5e11 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.6.3-debian.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-2.6.3-debian.yaml @@ -14,8 +14,6 @@ metadata: spec: exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql-exporter") $) }}:v1.1.0' - podSecurityPolicies: - databasePolicyName: proxysql-db proxysql: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/proxysql") $) }}:2.6.3-debian' securityContext: @@ -24,4 +22,6 @@ spec: allowlist: - '>= 2.6.3-debian, <= 2.6.3-debian' version: 2.6.3-debian + podSecurityPolicies: + databasePolicyName: {{ ternary "proxysql-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/proxysql/proxysql-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.12.12.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.12.12.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.12.12.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.12.12.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.13.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.13.2.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.13.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-3.13.2.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-4.0.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-4.0.4.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-4.0.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/rabbitmq/rabbitmq-4.0.4.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.6.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.6.yaml similarity index 80% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.6.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.6.yaml index 16edc1f..91cc8a9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.6.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.6.yaml @@ -13,16 +13,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4.0.6' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 version: 4.0.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.6" .Values.enableVersions.Redis) }} {{ end }} @@ -36,16 +38,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4.0.6-v1' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 version: 4.0.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.6-v1" .Values.enableVersions.Redis) }} {{ end }} @@ -59,18 +63,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4.0.6-v2' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 version: 4.0.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0.6-v2" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.yaml index 383e3e9..b191646 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.0.yaml @@ -13,16 +13,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4.0' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 version: "4.0" + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0" .Values.enableVersions.Redis) }} {{ end }} @@ -36,16 +38,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4.0-v1' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 version: "4.0" + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0-v1" .Values.enableVersions.Redis) }} {{ end }} @@ -59,16 +63,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4.0-v2' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 version: "4.0" + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4.0-v2" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.yaml similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.yaml index 1a5c475..6a96caf 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-4.yaml @@ -13,16 +13,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/operator") $) }}:0.8.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 version: "4" + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4" .Values.enableVersions.Redis) }} {{ end }} @@ -36,16 +38,18 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4-v1' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 version: "4" + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "4-v1" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.3.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.3.yaml index 0a1b474..1efae2d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.3.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.3.yaml @@ -13,15 +13,15 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:5.0.3' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -29,6 +29,8 @@ spec: restoreTask: name: redis-restore-5.0.13 version: 5.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.0.3" .Values.enableVersions.Redis) }} {{ end }} @@ -42,15 +44,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:5.0.3-v1' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -60,6 +60,8 @@ spec: restoreTask: name: redis-restore-5.0.13 version: 5.0.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.0.3-v1" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.yaml index c8bf931..ee3d333 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-5.0.yaml @@ -13,15 +13,15 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:5.0' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -29,6 +29,8 @@ spec: restoreTask: name: redis-restore-5.0.13 version: "5.0" + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.0" .Values.enableVersions.Redis) }} {{ end }} @@ -42,15 +44,15 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:5.0-v1' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db + securityContext: + runAsUser: 999 stash: addon: backupTask: @@ -58,6 +60,8 @@ spec: restoreTask: name: redis-restore-5.0.13 version: "5.0" + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "5.0-v1" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.18.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.18.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.18.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.18.yaml index 634f5aa..cfd3985 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.18.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.18.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:6.0.18' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-6.2.5 version: 6.0.18 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.0.18" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.6.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.6.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.6.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.6.yaml index 34f2a6c..d22cf84 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.6.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.0.6.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:6.0.6' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-6.2.5 version: 6.0.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.0.6" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.11.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.11.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.11.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.11.yaml index 95d3685..3bc0687 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.11.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.11.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:6.2.11' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-6.2.5 version: 6.2.11 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2.11" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.5.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.5.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.5.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.5.yaml index fb46a27..d772e82 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.5.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.5.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:6.2.5' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-6.2.5 version: 6.2.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2.5" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.7.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.7.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.7.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.7.yaml index 9e65ceb..649cf20 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.7.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.7.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:6.2.7' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-6.2.5 version: 6.2.7 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2.7" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.8.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.8.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.8.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.8.yaml index 25b7b62..e91214d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.8.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-6.2.8.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:6.2.8' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-6.2.5 version: 6.2.8 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "6.2.8" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.10.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.10.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.10.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.10.yaml index a5e195e..64c88e5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.10.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.10.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:7.0.10' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-7.0.5 version: 7.0.10 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.0.10" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.4.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.4.yaml index 874011a..c63e98c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.4.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:7.0.4' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-7.0.5 version: 7.0.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.0.4" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.5.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.5.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.5.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.5.yaml index 479b9ac..5f759c4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.5.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.5.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:7.0.5' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-7.0.5 version: 7.0.5 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.0.5" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.6.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.6.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.6.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.6.yaml index cf4a0c1..a7ad579 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.6.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.6.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:7.0.6' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-7.0.5 version: 7.0.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.0.6" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.9.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.9.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.9.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.9.yaml index b88f8e2..0802a4d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.9.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.0.9.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:7.0.9' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-7.0.5 version: 7.0.9 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.0.9" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.2.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.2.0.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.2.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.2.0.yaml index bb0d8c0..34a50b5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.2.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/deprecated-redis-7.2.0.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.dockerLibrary" (merge (dict "_repo" "redis") $) }}:7.2.0' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.7.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -31,6 +29,8 @@ spec: restoreTask: name: redis-restore-7.0.5 version: 7.2.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} deprecated: {{ not (has "7.2.0" .Values.enableVersions.Redis) }} {{ end }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-4.0.11.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-4.0.11.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-4.0.11.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-4.0.11.yaml index 253c127..6ef583b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-4.0.11.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-4.0.11.yaml @@ -13,19 +13,19 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis") $) }}:4.0.11' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 updateConstraints: allowlist: - '>= 4.0.11, < 5.0.15' version: 4.0.11 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-5.0.14.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-5.0.14.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-5.0.14.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-5.0.14.yaml index 2d7d780..eb295d7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-5.0.14.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-5.0.14.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:5.0.14-bullseye' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 5.0.14, < 6.0.21' version: 5.0.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.0.20.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.0.20.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.0.20.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.0.20.yaml index 8b54a45..6018b09 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.0.20.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.0.20.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:6.0.20-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 6.0.20, < 6.2.15' version: 6.0.20 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.14.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.14.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.14.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.14.yaml index 20e5c83..6328491 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.14.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.14.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:6.2.14-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 6.2.14, < 7.0.15' version: 6.2.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.16.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.16.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.16.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.16.yaml index afa3f7f..9d13b40 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.16.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-6.2.16.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:6.2.16-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 6.2.16, < 7.0.16' version: 6.2.16 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.14.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.14.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.14.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.14.yaml index 51ec193..25d708e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.14.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.14.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:7.0.14-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 7.0.14, < 7.4.2' version: 7.0.14 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.15.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.15.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.15.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.15.yaml index 175f12b..591cafd 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.15.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.0.15.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:7.0.15-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 7.0.15, < 7.4.2' version: 7.0.15 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.3.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.3.yaml index 5851e3c..62086fb 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.3.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.3.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:7.2.3-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 7.2.3, < 7.4.2' version: 7.2.3 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.4.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.4.yaml index c07fa51..a185fca 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.4.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:7.2.4-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 7.2.4, < 7.4.2' version: 7.2.4 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.6.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.6.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.6.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.6.yaml index be72a8b..4c70050 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.6.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.2.6.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:7.2.6-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 7.2.6, < 7.4.2' version: 7.2.6 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.0.yaml similarity index 85% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.0.yaml index 459f810..935ced4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.0.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:7.4.0-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - '>= 7.4.0, < 7.4.2' version: 7.4.0 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.1.yaml similarity index 84% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.1.yaml index 25d8326..9d85787 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.1.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-7.4.1.yaml @@ -13,15 +13,13 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.31.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-coordinator") $) }}:v0.32.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/redis") $) }}:7.4.1-bookworm' exporter: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis_exporter") $) }}:1.66.0' initContainer: image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-init") $) }}:0.9.0' - podSecurityPolicies: - databasePolicyName: redis-db securityContext: runAsUser: 999 stash: @@ -34,4 +32,6 @@ spec: allowlist: - 7.4.1 version: 7.4.1 + podSecurityPolicies: + databasePolicyName: {{ ternary "redis-db" `""` (and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/redis/redis-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/redis/redis-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-2.5.11-apicurio.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-2.5.11-apicurio.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-2.5.11-apicurio.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-2.5.11-apicurio.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-3.15.0-aiven.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-3.15.0-aiven.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-3.15.0-aiven.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/schemaregistry/schemaregistry-3.15.0-aiven.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.1.32.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.1.32.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.1.32.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.1.32.yaml index 125b547..ebcf9a9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.1.32.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.1.32.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/singlestore-node") $) }}:alma-8.1.32-e3d3cde6da' initContainer: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.30.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.30.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.30.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.30.yaml index b9a2f66..8d045c9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.30.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.30.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/singlestore-node") $) }}:alma-8.5.30-4f46ab16a5' initContainer: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.7.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.7.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.7.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.7.yaml index 9c8d65b..a304ee1 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.7.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.5.7.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/singlestore-node") $) }}:alma-8.5.7-bf633c1a54' initContainer: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.10.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.10.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.10.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.10.yaml index b0919d4..7df4286 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.10.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.10.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/singlestore-node") $) }}:alma-8.7.10-95e2357384' initContainer: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.21.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.21.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.21.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.21.yaml index b69643d..e66026f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.21.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.7.21.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/singlestore-node") $) }}:alma-8.7.21-f0b8de04d5' initContainer: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.9.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.9.3.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.9.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.9.3.yaml index e7f38aa..80b5efe 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.9.3.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/singlestore/singlestore-8.9.3.yaml @@ -13,7 +13,7 @@ metadata: {{- include "kubedb-catalog.labels" . | nindent 4 }} spec: coordinator: - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.7.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-coordinator") $) }}:v0.8.0' db: image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/singlestore-node") $) }}:alma-8.9.3-bfa36a984a' initContainer: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/deprecated-solr-8.11.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/deprecated-solr-8.11.2.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/deprecated-solr-8.11.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/deprecated-solr-8.11.2.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-8.11.4.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-8.11.4.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-8.11.4.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-8.11.4.yaml index b08eb3b..fc9b8cc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-8.11.4.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-8.11.4.yaml @@ -20,6 +20,6 @@ spec: runAsUser: 8983 updateConstraints: allowlist: - - '>= 8.11.2, <= 9.7.0' + - '>= 8.11.2, <= 9.9.0' version: 8.11.4 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.4.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.4.1.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.4.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.4.1.yaml index 86760e7..fe9a684 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.4.1.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.4.1.yaml @@ -20,6 +20,6 @@ spec: runAsUser: 8983 updateConstraints: allowlist: - - '>= 9.4.1, <= 9.7.0' + - '>= 9.4.1, <= 9.9.0' version: 9.4.1 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.6.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.6.1.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.6.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.6.1.yaml index 3978add..89763ea 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.6.1.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.6.1.yaml @@ -20,6 +20,6 @@ spec: runAsUser: 8983 updateConstraints: allowlist: - - '>= 9.6.1, <= 9.7.0' + - '>= 9.6.1, <= 9.9.0' version: 9.6.1 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.7.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.7.0.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.7.0.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.7.0.yaml index 5058547..d0dffef 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/solr/solr-9.7.0.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.7.0.yaml @@ -20,6 +20,6 @@ spec: runAsUser: 8983 updateConstraints: allowlist: - - 9.7.0 + - '>= 9.7.0, <= 9.9.0' version: 9.7.0 {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.8.0.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.8.0.yaml new file mode 100644 index 0000000..ad4bea0 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/solr/solr-9.8.0.yaml @@ -0,0 +1,25 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{ if $featureGates.Solr }} + +apiVersion: catalog.kubedb.com/v1alpha1 +kind: SolrVersion +metadata: + name: '9.8.0' + labels: + {{- include "kubedb-catalog.labels" . | nindent 4 }} +spec: + db: + image: '{{ include "image.ghcr" (merge (dict "_repo" "appscode-images/solr") $) }}:9.8.0' + initContainer: + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/solr-init") $) }}:9.8.0' + securityContext: + runAsUser: 8983 + updateConstraints: + allowlist: + - '>= 9.8.0, <= 9.9.0' + version: 9.8.0 +{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.7.2.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.7.2.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.7.2.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.7.2.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.8.3.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.8.3.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.8.3.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.8.3.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.9.1.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.9.1.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.9.1.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/templates/zookeeper/zookeeper-3.9.1.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/values.openapiv3_schema.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/values.openapiv3_schema.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/values.openapiv3_schema.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-catalog/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-catalog/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/Chart.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/Chart.yaml index 715a672..ef4b3e3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.7.0 +appVersion: v0.8.0 description: KubeDB CRD Manager by AppsCode home: https://kubedb.com icon: https://cdn.appscode.com/images/products/kubedb/kubedb-ops-manager-icon.png @@ -9,4 +9,4 @@ maintainers: name: kubedb-crd-manager sources: - https://github.com/kubedb -version: v0.7.0 +version: v0.8.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/README.md similarity index 98% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/README.md index 9b052d2..c4d0d18 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-crd-manager --version=v0.7.0 -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.7.0 +$ helm search repo appscode/kubedb-crd-manager --version=v0.8.0 +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.8.0 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a KubeDB CRD Manager operator on a [Kubernetes](http://kubern To install/upgrade the chart with the release name `kubedb-ops-manager`: ```bash -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.7.0 +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.8.0 ``` The command deploys a KubeDB CRD Manager operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -93,12 +93,12 @@ The following table lists the configurable parameters of the `kubedb-crd-manager Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.7.0 --set registryFQDN=ghcr.io +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.8.0 --set registryFQDN=ghcr.io ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.7.0 --values values.yaml +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-crd-manager -n kubedb --create-namespace --version=v0.8.0 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/ci/ci-values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/ci/ci-values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/ci/ci-values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/ci/ci-values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/NOTES.txt similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/NOTES.txt diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/job.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/job.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/job.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/job.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/values.openapiv3_schema.yaml new file mode 100644 index 0000000..074fc72 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/values.openapiv3_schema.yaml @@ -0,0 +1,2055 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + featureGates: + additionalProperties: + type: boolean + type: object + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + removeUnusedCRDs: + type: boolean + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. + + If Requests is omitted for a container, it defaults to Limits if that is + explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext holds security configuration that will be applied + to a container. + + Some fields are present in both SecurityContext and PodSecurityContext. When + both + + are set, the values in SecurityContext take precedence.' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain + more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root on + the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the containers. + + The default value is Default which uses the container runtime defaults for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp options + are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array + ttlSecondsAfterFinished: + type: integer +required: +- featureGates +- image +- imagePullPolicy +- removeUnusedCRDs +- serviceAccount +- ttlSecondsAfterFinished +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-crd-manager/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-crd-manager/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/Chart.yaml new file mode 100644 index 0000000..53c5170 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +appVersion: v0.1.0 +description: KubeDB GitOps operator by AppsCode +home: https://github.com/kubedb/gitops +icon: https://cdn.appscode.com/images/products/kubedb/kubedb-icon.png +maintainers: +- email: support@appscode.com + name: appscode +name: kubedb-gitops +sources: +- https://github.com/kubedb/gitops +type: application +version: v0.1.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/README.md new file mode 100644 index 0000000..28d5488 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/README.md @@ -0,0 +1,116 @@ +# KubeDB GitOps operator + +[KubeDB GitOps operator by AppsCode](https://github.com/appscode-cloud) - KubeDB GitOps operator + +## TL;DR; + +```bash +$ helm repo add appscode https://charts.appscode.com/stable/ +$ helm repo update +$ helm search repo appscode/kubedb-gitops --version=v0.1.0 +$ helm upgrade -i kubedb-gitops appscode/kubedb-gitops -n kubedb --create-namespace --version=v0.1.0 +``` + +## Introduction + +This chart deploys a KubeDB GitOps operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.21+ + +## Installing the Chart + +To install/upgrade the chart with the release name `kubedb-gitops`: + +```bash +$ helm upgrade -i kubedb-gitops appscode/kubedb-gitops -n kubedb --create-namespace --version=v0.1.0 +``` + +The command deploys a KubeDB GitOps operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall the `kubedb-gitops`: + +```bash +$ helm uninstall kubedb-gitops -n kubedb +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the `kubedb-gitops` chart and their default values. + +| Parameter | Description | Default | +|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| replicaCount | | 1 | +| registryFQDN | Docker registry fqdn used to pull app related images. Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | +| image.registry | Docker registry used to pull app container image | kubedb | +| image.repository | | kubedb-gitops | +| image.pullPolicy | | IfNotPresent | +| image.tag | Overrides the image tag whose default is the chart appVersion. | "" | +| imagePullSecrets | | [] | +| nameOverride | | "" | +| fullnameOverride | | "" | +| serviceAccount.create | Specifies whether a service account should be created | true | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | +| podAnnotations | | {} | +| podLabels | | {} | +| podSecurityContext | | {} | +| securityContext | | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | +| service.type | | ClusterIP | +| service.port | | 8081 | +| resources | | {} | +| livenessProbe.httpGet.path | | /healthz | +| livenessProbe.httpGet.port | | probes | +| livenessProbe.initialDelaySeconds | | 15 | +| livenessProbe.periodSeconds | | 20 | +| readinessProbe.httpGet.path | | /readyz | +| readinessProbe.httpGet.port | | probes | +| readinessProbe.initialDelaySeconds | | 5 | +| readinessProbe.periodSeconds | | 10 | +| volumes | Additional volumes on the output Deployment definition. | [] | +| volumeMounts | Additional volumeMounts on the output Deployment definition. | [] | +| nodeSelector | | {} | +| tolerations | | [] | +| affinity | | {} | +| featureGates.Cassandra | | false | +| featureGates.ClickHouse | | false | +| featureGates.Druid | | false | +| featureGates.Elasticsearch | | false | +| featureGates.FerretDB | | false | +| featureGates.Kafka | | false | +| featureGates.MariaDB | | false | +| featureGates.Memcached | | false | +| featureGates.MongoDB | | false | +| featureGates.MSSQLServer | | false | +| featureGates.MySQL | | false | +| featureGates.PerconaXtraDB | | false | +| featureGates.PgBouncer | | false | +| featureGates.Pgpool | | false | +| featureGates.Postgres | | false | +| featureGates.ProxySQL | | false | +| featureGates.RabbitMQ | | false | +| featureGates.Redis | | false | +| featureGates.Singlestore | | false | +| featureGates.Solr | | false | +| featureGates.ZooKeeper | | false | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: + +```bash +$ helm upgrade -i kubedb-gitops appscode/kubedb-gitops -n kubedb --create-namespace --version=v0.1.0 --set replicaCount=1 +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. For example: + +```bash +$ helm upgrade -i kubedb-gitops appscode/kubedb-gitops -n kubedb --create-namespace --version=v0.1.0 --values values.yaml +``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/doc.yaml new file mode 100644 index 0000000..da6ee54 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/doc.yaml @@ -0,0 +1,18 @@ +project: + name: KubeDB GitOps operator by AppsCode + shortName: KubeDB GitOps operator + url: https://github.com/appscode-cloud + description: KubeDB GitOps operator + app: a KubeDB GitOps operator +repository: + url: https://charts.appscode.com/stable/ + name: appscode +chart: + name: kubedb-gitops + values: -- generate from values file -- + valuesExample: -- generate from values file -- +prerequisites: +- Kubernetes 1.21+ +release: + name: kubedb-gitops + namespace: kubedb diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/NOTES.txt new file mode 100644 index 0000000..0d869ee --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that KubeDB gitops operator has started, run: + + kubectl get statefulset --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-gitops.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/_helpers.tpl new file mode 100644 index 0000000..fd5f615 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/_helpers.tpl @@ -0,0 +1,76 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kubedb-gitops.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubedb-gitops.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubedb-gitops.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubedb-gitops.labels" -}} +helm.sh/chart: {{ include "kubedb-gitops.chart" . }} +{{ include "kubedb-gitops.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kubedb-gitops.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubedb-gitops.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kubedb-gitops.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kubedb-gitops.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Returns the registry used for image docker image +*/}} +{{- define "image.registry" -}} +{{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }} +{{- end }} + +{{- define "appscode.imagePullSecrets" -}} +{{- with .Values.imagePullSecrets -}} +imagePullSecrets: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/rbac.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/rbac.yaml new file mode 100644 index 0000000..a65aa85 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/rbac.yaml @@ -0,0 +1,136 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kubedb-gitops.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kubedb-gitops.fullname" . }}:manager + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +rules: +- apiGroups: + - "*" + resources: + - "*" + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kubedb-gitops.fullname" . }}:metrics-auth + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kubedb-gitops.fullname" . }}:metrics-reader + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kubedb-gitops.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kubedb-gitops.fullname" . }}:leader-election +subjects: +- kind: ServiceAccount + name: {{ include "kubedb-gitops.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kubedb-gitops.fullname" . }}:manager + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubedb-gitops.fullname" . }}:manager +subjects: +- kind: ServiceAccount + name: {{ include "kubedb-gitops.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kubedb-gitops.fullname" . }}:metrics-auth + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubedb-gitops.fullname" . }}:metrics-auth +subjects: +- kind: ServiceAccount + name: {{ include "kubedb-gitops.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/service-headless.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/service-headless.yaml new file mode 100644 index 0000000..746081d --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/service-headless.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubedb-gitops.fullname" . }}-headless + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: metrics + port: 8443 + - name: probes + port: {{ .Values.service.port }} + selector: + {{- include "kubedb-gitops.labels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/service.yaml new file mode 100644 index 0000000..f44beda --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubedb-gitops.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: 8443 + protocol: TCP + targetPort: metrics + selector: + {{- include "kubedb-gitops.labels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/serviceaccount.yaml new file mode 100644 index 0000000..d171f07 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kubedb-gitops.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: true +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/statefulset.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/statefulset.yaml new file mode 100644 index 0000000..6467ce4 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/templates/statefulset.yaml @@ -0,0 +1,103 @@ +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{- $nodeSelector := .Values.nodeSelector }} +{{- if .Values.global }} + {{ $nodeSelector = default .Values.nodeSelector .Values.global.nodeSelector }} +{{- end }} + +{{- $tolerations := .Values.tolerations }} +{{- if .Values.global }} + {{ $tolerations = default .Values.tolerations .Values.global.tolerations }} +{{- end }} + +{{- $affinity := .Values.affinity }} +{{- if .Values.global }} + {{ $affinity = default .Values.affinity .Values.global.affinity }} +{{- end }} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "kubedb-gitops.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-gitops.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + podManagementPolicy: Parallel + serviceName: {{ include "kubedb-gitops.fullname" . }}-headless + selector: + matchLabels: + {{- include "kubedb-gitops.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "kubedb-gitops.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "appscode.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "kubedb-gitops.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - run + - --metrics-bind-address=:8443 + - --health-probe-bind-address=:{{ .Values.service.port }} + {{- range $db, $enable := $featureGates }} + - --feature-gates={{ $db }}={{ $enable }} + {{- end }} + ports: + - name: metrics + containerPort: 8443 + - name: probes + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if $affinity }} + affinity: + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "kubedb-gitops.selectorLabels" . | nindent 18 }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + {{- with $tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/values.openapiv3_schema.yaml new file mode 100644 index 0000000..d136635 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/values.openapiv3_schema.yaml @@ -0,0 +1,4847 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + featureGates: + additionalProperties: + type: boolean + type: object + fullnameOverride: + type: string + image: + properties: + pullPolicy: + type: string + registry: + type: string + repository: + type: string + tag: + type: string + required: + - pullPolicy + - registry + - repository + - tag + type: object + imagePullSecrets: + items: + type: string + type: array + livenessProbe: + description: 'Probe describes a health check to be performed against a container + to determine whether it is + + alive or ready to receive traffic.' + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: 'Command is the command line to execute inside the container, + the working directory for the + + command is root (''/'') in the container''s filesystem. The command + is simply exec''d, it is + + not run inside a shell, so traditional shell instructions (''|'', etc) + won''t work. To use + + a shell, you need to explicitly call out to that shell. + + Exit status of 0 is treated as live/healthy and non-zero is unhealthy.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered + failed after having succeeded. + + Defaults to 3. Minimum value is 1.' + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + default: '' + description: 'Service is the name of the service to place in the gRPC + HealthCheckRequest + + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC.' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: 'Host name to connect to, defaults to the pod IP. You probably + want to set + + "Host" in httpHeaders instead.' + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP + probes + properties: + name: + description: 'The header field name. + + This will be canonicalized upon output, so case-variant names + will be understood as the same header.' + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Name or number of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + scheme: + description: 'Scheme to use for connecting to the host. + + Defaults to HTTP.' + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness + probes are initiated. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: 'How often (in seconds) to perform the probe. + + Default to 10 seconds. Minimum value is 1.' + format: int32 + type: integer + successThreshold: + description: 'Minimum consecutive successes for the probe to be considered + successful after having failed. + + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.' + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: 'Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. + + The grace period is the duration in seconds after the processes running + in the pod are sent + + a termination signal and the time when the processes are forcibly halted + with a kill signal. + + Set this value longer than the expected cleanup time for your process. + + If this value is nil, the pod''s terminationGracePeriodSeconds will be used. + Otherwise, this + + value overrides the value provided by the pod spec. + + Value must be non-negative integer. The value zero indicates stop immediately + via + + the kill signal (no opportunity to shut down). + + This is a beta field and requires enabling ProbeTerminationGracePeriod feature + gate. + + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.' + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times out. + + Defaults to 1 second. Minimum value is 1. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + readinessProbe: + description: 'Probe describes a health check to be performed against a container + to determine whether it is + + alive or ready to receive traffic.' + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: 'Command is the command line to execute inside the container, + the working directory for the + + command is root (''/'') in the container''s filesystem. The command + is simply exec''d, it is + + not run inside a shell, so traditional shell instructions (''|'', etc) + won''t work. To use + + a shell, you need to explicitly call out to that shell. + + Exit status of 0 is treated as live/healthy and non-zero is unhealthy.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered + failed after having succeeded. + + Defaults to 3. Minimum value is 1.' + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + default: '' + description: 'Service is the name of the service to place in the gRPC + HealthCheckRequest + + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC.' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: 'Host name to connect to, defaults to the pod IP. You probably + want to set + + "Host" in httpHeaders instead.' + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP + probes + properties: + name: + description: 'The header field name. + + This will be canonicalized upon output, so case-variant names + will be understood as the same header.' + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Name or number of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + scheme: + description: 'Scheme to use for connecting to the host. + + Defaults to HTTP.' + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness + probes are initiated. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: 'How often (in seconds) to perform the probe. + + Default to 10 seconds. Minimum value is 1.' + format: int32 + type: integer + successThreshold: + description: 'Minimum consecutive successes for the probe to be considered + successful after having failed. + + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.' + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: 'Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. + + The grace period is the duration in seconds after the processes running + in the pod are sent + + a termination signal and the time when the processes are forcibly halted + with a kill signal. + + Set this value longer than the expected cleanup time for your process. + + If this value is nil, the pod''s terminationGracePeriodSeconds will be used. + Otherwise, this + + value overrides the value provided by the pod spec. + + Value must be non-negative integer. The value zero indicates stop immediately + via + + the kill signal (no opportunity to shut down). + + This is a beta field and requires enabling ProbeTerminationGracePeriod feature + gate. + + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.' + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times out. + + Defaults to 1 second. Minimum value is 1. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. + + If Requests is omitted for a container, it defaults to Limits if that is + explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext holds security configuration that will be applied + to a container. + + Some fields are present in both SecurityContext and PodSecurityContext. When + both + + are set, the values in SecurityContext take precedence.' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain + more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root on + the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the containers. + + The default value is Default which uses the container runtime defaults for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp options + are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + service: + properties: + port: + type: integer + type: + type: string + required: + - port + - type + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array + volumeMounts: + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: 'Path within the container at which the volume should be mounted. Must + + not contain '':''.' + type: string + mountPropagation: + description: 'mountPropagation determines how mounts are propagated from + the host + + to container and the other way around. + + When not set, MountPropagationNone is used. + + This field is beta in 1.10. + + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation + must be None or unspecified + + (which defaults to None).' + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: 'Mounted read-only if true, read-write otherwise (false or + unspecified). + + Defaults to false.' + type: boolean + recursiveReadOnly: + description: 'RecursiveReadOnly specifies whether read-only mounts should + be handled + + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not + made + + recursively read-only. If this field is set to IfPossible, the mount + is made + + recursively read-only, if it is supported by the container runtime. If + this + + field is set to Enabled, the mount is made recursively read-only if it + is + + supported by the container runtime, otherwise the pod will not be started + and + + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be + set to + + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled.' + type: string + subPath: + description: 'Path within the volume from which the container''s volume + should be mounted. + + Defaults to "" (volume''s root).' + type: string + subPathExpr: + description: 'Expanded path within the volume from which the container''s + volume should be mounted. + + Behaves similarly to SubPath but environment variable references $(VAR_NAME) + are expanded using the container''s environment. + + Defaults to "" (volume''s root). + + SubPathExpr and SubPath are mutually exclusive.' + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + description: Volume represents a named volume in a pod that may be accessed + by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource that + is attached to a + + kubelet''s host machine and then exposed to the pod. + + Deprecated: AWSElasticBlockStore is deprecated. All operations for the + in-tree + + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume that you want + to mount. + + Tip: Ensure that the filesystem type is supported by the host operating + system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + partition: + description: 'partition is the partition in the volume that you want + to mount. + + If omitted, the default is to mount by volume name. + + Examples: For volume /dev/sda1, you specify the partition as "1". + + Similarly, the volume partition for /dev/sda is "0" (or you can leave + the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly setting in + VolumeMounts. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk resource + in AWS (Amazon EBS volume). + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: 'azureDisk represents an Azure Data Disk mount on the host + and bind mount to the pod. + + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk + type + + are redirected to the disk.csi.azure.com CSI driver.' + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, Read Only, + Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob storage + type: string + fsType: + default: ext4 + description: 'fsType is Filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.' + type: string + kind: + description: 'kind expected values are Shared: multiple blob disks per + storage account Dedicated: single blob disk per storage account Managed: + azure managed data disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + default: false + description: 'readOnly Defaults to false (read/write). ReadOnly here + will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: 'azureFile represents an Azure File Service mount on the host + and bind mount to the pod. + + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile + type + + are redirected to the file.csi.azure.com CSI driver.' + properties: + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly here + will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretName: + description: secretName is the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: 'cephFS represents a Ceph FS mount on the host that shares + a pod''s lifetime. + + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer + supported.' + properties: + monitors: + description: 'monitors is Required: Monitors is a collection of Ceph + monitors + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force + + the ReadOnly setting in VolumeMounts. + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference to the authentication + secret for User, default is empty. + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, default + is admin + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and mounted on + kubelets host machine. + + Deprecated: Cinder is deprecated. All operations for the in-tree cinder + type + + are redirected to the cinder.csi.openstack.org CSI driver. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly here + will force + + the ReadOnly setting in VolumeMounts. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret object containing + parameters used to connect + + to OpenStack.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate this + volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to set permissions + on created files by default. + + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + Defaults to 0644. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: 'items if unspecified, each key-value pair in the Data + field of the referenced + + ConfigMap will be projected into the volume as a file whose name is + the + + key and content is the value. If specified, the listed keys will be + + projected into the specified paths, and unlisted keys will not be + + present. If a key is specified which is not present in the ConfigMap, + + the volume setup will error unless it is marked optional. Paths must + be + + relative and may not contain the ''..'' path or start with ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set permissions + on this file. + + Must be an octal value between 0000 and 0777 or a decimal value + between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that affect the + file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file to map the + key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral storage + that is handled by certain external CSI drivers. + properties: + driver: + description: 'driver is the name of the CSI driver that handles this + volume. + + Consult with your admin for the correct name as registered in the + cluster.' + type: string + fsType: + description: 'fsType to mount. Ex. "ext4", "xfs", "ntfs". + + If not provided, the empty value is passed to the associated CSI driver + + which will determine the default filesystem to apply.' + type: string + nodePublishSecretRef: + description: 'nodePublishSecretRef is a reference to the secret object + containing + + sensitive information to pass to the CSI driver to complete the CSI + + NodePublishVolume and NodeUnpublishVolume calls. + + This field is optional, and may be empty if no secret is required. + If the + + secret object contains more than one secret, all secret references + are passed.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: 'readOnly specifies a read-only configuration for the volume. + + Defaults to false (read/write).' + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: 'volumeAttributes stores driver-specific properties that + are passed to the CSI + + driver. Consult your driver''s documentation for supported values.' + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. + Must be a + + Optional: mode bits used to set permissions on created files by default. + + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + Defaults to 0644. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, + labels, name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this + file, must be an octal value + + between 0000 and 0777 or a decimal value between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that affect the + file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the + file to be created. Must not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests + + (limits.cpu, limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that shares a pod''s + lifetime. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium should back + this directory. + + The default is "" which means to use the node''s default medium. + + Must be an empty string (default) or Memory. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage required + for this EmptyDir volume. + + The size limit is also applicable for memory medium. + + The maximum usage on memory medium EmptyDir would be the minimum value + between + + the SizeLimit specified here and the sum of memory limits of all containers + in a pod. + + The default is nil which means that the limit is undefined. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster\ + \ storage driver.\nThe volume's lifecycle is tied to the pod that defines\ + \ it - it will be created before the pod starts,\nand deleted when the\ + \ pod is removed.\n\nUse this if:\na) the volume is only needed while\ + \ the pod runs,\nb) features of normal volumes like restoring from snapshot\ + \ or capacity\n tracking are needed,\nc) the storage driver is specified\ + \ through a storage class, and\nd) the storage driver supports dynamic\ + \ volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource\ + \ for more\n information on the connection between this volume type\n\ + \ and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of\ + \ the vendor-specific\nAPIs for volumes that persist for longer than the\ + \ lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral\ + \ volumes if the CSI driver is meant to\nbe used that way - see the documentation\ + \ of the driver for\nmore information.\n\nA pod can use both types of\ + \ ephemeral volumes and\npersistent volumes at the same time." + properties: + volumeClaimTemplate: + description: 'Will be used to create a stand-alone PVC to provision + the volume. + + The pod in which this EphemeralVolumeSource is embedded will be the + + owner of the PVC, i.e. the PVC will be deleted together with the + + pod. The name of the PVC will be `-` where + + `` is the name from the `PodSpec.Volumes` array + + entry. Pod validation will reject the pod if the concatenated name + + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + + will *not* be used for the pod to avoid using an unrelated + + volume by mistake. Starting the pod is then blocked until + + the unrelated PVC is removed. If such a pre-created PVC is + + meant to be used by the pod, the PVC has to updated with an + + owner reference to the pod once the pod exists. Normally + + this should not be necessary, but it may be useful when + + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + + to the PVC after it has been created. + + + Required, must not be nil.' + properties: + metadata: + description: 'May contain labels and annotations that will be copied + into the PVC + + when creating it. No other fields are allowed and will be rejected + during + + validation.' + type: object + spec: + description: 'The specification for the PersistentVolumeClaim. The + entire content is + + copied unchanged into the PVC that gets created from this + + template. The same fields as in a PersistentVolumeClaim + + are also valid here.' + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field can be used to specify either: + + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + + * An existing PVC (PersistentVolumeClaim) + + If the provisioner or an external controller can support the + specified data source, + + it will create a new volume based on the contents of the specified + data source. + + When the AnyVolumeDataSource feature gate is enabled, dataSource + contents will be copied to dataSourceRef, + + and dataSourceRef contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + + If the namespace is specified, then dataSourceRef will not + be copied to dataSource.' + properties: + apiGroup: + description: 'APIGroup is the group for the resource being + referenced. + + If APIGroup is not specified, the specified Kind must + be in the core API group. + + For any other third-party types, APIGroup is required.' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: "dataSourceRef specifies the object from which\ + \ to populate the volume with data, if a non-empty\nvolume\ + \ is desired. This may be any object from a non-empty API\ + \ group (non\ncore object) or a PersistentVolumeClaim object.\n\ + When this field is specified, volume binding will only succeed\ + \ if the type of\nthe specified object matches some installed\ + \ volume populator or dynamic\nprovisioner.\nThis field will\ + \ replace the functionality of the dataSource field and as\ + \ such\nif both fields are non-empty, they must have the same\ + \ value. For backwards\ncompatibility, when namespace isn't\ + \ specified in dataSourceRef,\nboth fields (dataSource and\ + \ dataSourceRef) will be set to the same\nvalue automatically\ + \ if one of them is empty and the other is non-empty.\nWhen\ + \ namespace is specified in dataSourceRef,\ndataSource isn't\ + \ set to the same value and must be empty.\nThere are three\ + \ important differences between dataSource and dataSourceRef:\n\ + * While dataSource only allows two specific types of objects,\ + \ dataSourceRef\n allows any non-core object, as well as\ + \ PersistentVolumeClaim objects.\n* While dataSource ignores\ + \ disallowed values (dropping them), dataSourceRef\n preserves\ + \ all values, and generates an error if a disallowed value\ + \ is\n specified.\n* While dataSource only allows local objects,\ + \ dataSourceRef allows objects\n in any namespaces.\n(Beta)\ + \ Using this field requires the AnyVolumeDataSource feature\ + \ gate to be enabled.\n(Alpha) Using the namespace field of\ + \ dataSourceRef requires the CrossNamespaceVolumeDataSource\ + \ feature gate to be enabled." + properties: + apiGroup: + description: 'APIGroup is the group for the resource being + referenced. + + If APIGroup is not specified, the specified Kind must + be in the core API group. + + For any other third-party types, APIGroup is required.' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: 'Namespace is the namespace of resource being + referenced + + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace to allow + that namespace''s owner to accept the reference. See the + ReferenceGrant documentation for details. + + (Alpha) This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources the + volume should have. + + If RecoverVolumeExpansionFailure feature is enabled users + are allowed to specify resource requirements + + that are lower than previous value but must still be higher + than capacity recorded in the + + status field of the claim. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. + + If Requests is omitted for a container, it defaults to + Limits if that is explicitly specified, + + otherwise to an implementation-defined value. Requests + cannot exceed Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used to set the + VolumeAttributesClass used by this claim. + + If specified, the CSI driver will create or update the volume + with the attributes defined + + in the corresponding VolumeAttributesClass. This has a different + purpose than storageClassName, + + it can be changed after the claim is created. An empty string + value means that no VolumeAttributesClass + + will be applied to the claim but it''s not allowed to reset + this field to empty string once it is set. + + If unspecified and the PersistentVolumeClaim is unbound, the + default VolumeAttributesClass + + will be set by the persistentvolume controller if it exists. + + If the resource referred to by volumeAttributesClass does + not exist, this PersistentVolumeClaim will be + + set to a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource + + exists. + + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + + (Beta) Using this field requires the VolumeAttributesClass + feature gate to be enabled (off by default).' + type: string + volumeMode: + description: 'volumeMode defines what type of volume is required + by the claim. + + Value of Filesystem is implied when not included in claim + spec.' + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is attached to + a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC volume world wide identifiers (wwids) + + Either wwids or combination of targetWWNs and lun must be set, but + not both simultaneously.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: 'flexVolume represents a generic volume resource that is + + provisioned/attached using an exec based plugin. + + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.' + properties: + driver: + description: driver is the name of the driver to use for this volume. + type: string + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume + script.' + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra command options + if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference to the secret + object containing + + sensitive information to pass to the plugin scripts. This may be + + empty if no secret object is specified. If the secret object + + contains more than one secret, all secrets are passed to the plugin + + scripts.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: 'flocker represents a Flocker volume attached to a kubelet''s + host machine. This depends on the Flocker control service being running. + + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer + supported.' + properties: + datasetName: + description: 'datasetName is Name of the dataset stored as metadata + -> name on the dataset for Flocker + + should be considered as deprecated' + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This is unique + identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource that is attached + to a + + kubelet''s host machine and then exposed to the pod. + + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI + driver. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that you want + to mount. + + Tip: Ensure that the filesystem type is supported by the host operating + system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + partition: + description: 'partition is the partition in the volume that you want + to mount. + + If omitted, the default is to mount by volume name. + + Examples: For volume /dev/sda1, you specify the partition as "1". + + Similarly, the volume partition for /dev/sda is "0" (or you can leave + the property empty). + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in GCE. Used + to identify the disk in GCE. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. + + Defaults to false. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular revision. + + Deprecated: GitRepo is deprecated. To provision a container with a git + repo, mount an + + EmptyDir into an InitContainer that clones the repo using git, then mount + the EmptyDir + + into the Pod''s container.' + properties: + directory: + description: 'directory is the target directory name. + + Must not contain or start with ''..''. If ''.'' is supplied, the + volume directory will be the + + git repository. Otherwise, if specified, the volume will contain + the git repository in + + the subdirectory with the given name.' + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the host that shares + a pod''s lifetime. + + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is + no longer supported. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details Glusterfs + topology. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume to be mounted + with read-only permissions. + + Defaults to false. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory on the + host + + machine that is directly exposed to the container. This is generally + + used for system agents or other privileged things that are allowed + + to see the host machine. Most containers will NOT need this. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + properties: + path: + description: 'path of the directory on the host. + + If the path is a symlink, it will follow the link to the real path. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume + + Defaults to "" + + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + image: + description: 'image represents an OCI object (a container image or artifact) + pulled and mounted on the kubelet''s host machine. + + The volume is resolved at pod startup depending on which PullPolicy value + is provided: + + + - Always: the kubelet always attempts to pull the reference. Container + creation will fail If the pull fails. + + - Never: the kubelet never pulls the reference and only uses a local image + or artifact. Container creation will fail if the reference isn''t present. + + - IfNotPresent: the kubelet pulls if the reference isn''t already present + on disk. Container creation will fail if the reference isn''t present + and the pull fails. + + + The volume gets re-resolved if the pod gets deleted and recreated, which + means that new remote content will become available on pod recreation. + + A failure to resolve or pull the image during pod startup will block containers + from starting and may add significant latency. Failures will be retried + using normal volume backoff and will be reported on the pod reason and + message. + + The types of objects that may be mounted by this volume are defined by + the container runtime implementation on a host machine and at minimum + must include all valid types supported by the container image field. + + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) + by merging the manifest layers in the same way as for container images. + + The volume will be mounted read-only (ro) and non-executable files (noexec). + + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + + The field spec.securityContext.fsGroupChangePolicy has no effect on this + volume type.' + properties: + pullPolicy: + description: 'Policy for pulling OCI objects. Possible values are: + + Always: the kubelet always attempts to pull the reference. Container + creation will fail If the pull fails. + + Never: the kubelet never pulls the reference and only uses a local + image or artifact. Container creation will fail if the reference isn''t + present. + + IfNotPresent: the kubelet pulls if the reference isn''t already present + on disk. Container creation will fail if the reference isn''t present + and the pull fails. + + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.' + type: string + reference: + description: 'Required: Image or artifact reference to be used. + + Behaves in the same way as pod.spec.containers[*].image. + + Pull secrets will be assembled in the same way as for the container + image by looking up node credentials, SA image pull secrets, and pod + spec image pull secrets. + + More info: https://kubernetes.io/docs/concepts/containers/images + + This field is optional to allow higher level config management to + default or override + + container images in workload controllers like Deployments and StatefulSets.' + type: string + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is attached to + a + + kubelet''s host machine and then exposed to the pod. + + More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI Session CHAP + authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume that you want + to mount. + + Tip: Ensure that the filesystem type is supported by the host operating + system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi' + type: string + initiatorName: + description: 'initiatorName is the custom iSCSI Initiator Name. + + If initiatorName is specified with iscsiInterface simultaneously, + new iSCSI interface + + : will be created for the connection.' + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: 'iscsiInterface is the interface Name that uses an iSCSI + transport. + + Defaults to ''default'' (tcp).' + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: 'portals is the iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port + + is other than default (typically TCP ports 860 and 3260).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. + + Defaults to false.' + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: 'targetPortal is iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port + + is other than default (typically TCP ports 860 and 3260).' + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. + + Must be a DNS_LABEL and unique within the pod. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares a pod''s + lifetime + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to be mounted + with read-only permissions. + + Defaults to false. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the NFS server. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a reference to + a + + PersistentVolumeClaim in the same namespace. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim in the + same namespace as the pod using this volume. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: 'readOnly Will force the ReadOnly setting in VolumeMounts. + + Default false.' + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: 'photonPersistentDisk represents a PhotonController persistent + disk attached and mounted on kubelets host machine. + + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk + type is no longer supported.' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.' + type: string + pdID: + description: pdID is the ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: 'portworxVolume represents a portworx volume attached and mounted + on kubelets host machine. + + Deprecated: PortworxVolume is deprecated. All operations for the in-tree + portworxVolume type + + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx + feature-gate + + is on.' + properties: + fsType: + description: 'fSType represents the filesystem type to mount + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly here + will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: 'defaultMode are the mode bits used to set permissions + on created files by default. + + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + sources: + description: 'sources is the list of volume projections. Each entry + in this list + + handles one source.' + items: + description: 'Projection that may be projected along with other supported + volume types. + + Exactly one of these fields must be set.' + properties: + clusterTrustBundle: + description: 'ClusterTrustBundle allows a pod to access the `.spec.trustBundle` + field + + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or + by the + + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents + written + + into the pod filesystem. Esoteric PEM features such as inter-block + + comments and block headers are stripped. Certificates are deduplicated. + + The ordering of certificates within the file is arbitrary, and + Kubelet + + may change the order over time.' + properties: + labelSelector: + description: 'Select all ClusterTrustBundles that match this + label selector. Only has + + effect if signerName is set. Mutually-exclusive with name. If + unset, + + interpreted as "match nothing". If set but empty, interpreted + as "match + + everything".' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: 'Select a single ClusterTrustBundle by object + name. Mutually-exclusive + + with signerName and labelSelector.' + type: string + optional: + description: 'If true, don''t block pod startup if the referenced + ClusterTrustBundle(s) + + aren''t available. If using name, then the named ClusterTrustBundle + is + + allowed not to exist. If using signerName, then the combination + of + + signerName and labelSelector is allowed to match zero + + ClusterTrustBundles.' + type: boolean + path: + description: Relative path from the volume root to write the + bundle. + type: string + signerName: + description: 'Select all ClusterTrustBundles that match this + signer name. + + Mutually-exclusive with name. The contents of all selected + + ClusterTrustBundles will be unified and deduplicated.' + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap data to + project + properties: + items: + description: 'items if unspecified, each key-value pair in + the Data field of the referenced + + ConfigMap will be projected into the volume as a file whose + name is the + + key and content is the value. If specified, the listed keys + will be + + projected into the specified paths, and unlisted keys will + not be + + present. If a key is specified which is not present in the + ConfigMap, + + the volume setup will error unless it is marked optional. + Paths must be + + relative and may not contain the ''..'' path or start with + ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set + permissions on this file. + + Must be an octal value between 0000 and 0777 or a + decimal value between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that + affect the file + + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file + to map the key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards + compatibility is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value + + between 0000 and 0777 or a decimal value between 0 + and 511. + + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that + affect the file + + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests + + (limits.cpu, limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data to project + properties: + items: + description: 'items if unspecified, each key-value pair in + the Data field of the referenced + + Secret will be projected into the volume as a file whose + name is the + + key and content is the value. If specified, the listed keys + will be + + projected into the specified paths, and unlisted keys will + not be + + present. If a key is specified which is not present in the + Secret, + + the volume setup will error unless it is marked optional. + Paths must be + + relative and may not contain the ''..'' path or start with + ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set + permissions on this file. + + Must be an octal value between 0000 and 0777 or a + decimal value between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that + affect the file + + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file + to map the key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards + compatibility is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional field specify whether the Secret or + its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken + data to project + properties: + audience: + description: 'audience is the intended audience of the token. + A recipient of a token + + must identify itself with an identifier specified in the + audience of the + + token, and otherwise should reject the token. The audience + defaults to the + + identifier of the apiserver.' + type: string + expirationSeconds: + description: 'expirationSeconds is the requested duration + of validity of the service + + account token. As the token approaches expiration, the kubelet + volume + + plugin will proactively rotate the service account token. + The kubelet will + + start trying to rotate the token if the token is older than + 80 percent of + + its time to live or if the token is older than 24 hours.Defaults + to 1 hour + + and must be at least 10 minutes.' + format: int64 + type: integer + path: + description: 'path is the path relative to the mount point + of the file to project the + + token into.' + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: 'quobyte represents a Quobyte mount on the host that shares + a pod''s lifetime. + + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer + supported.' + properties: + group: + description: 'group to map volume access to + + Default is no group' + type: string + readOnly: + description: 'readOnly here will force the Quobyte volume to be mounted + with read-only permissions. + + Defaults to false.' + type: boolean + registry: + description: 'registry represents a single or multiple Quobyte Registry + services + + specified as a string as host:port pair (multiple entries are separated + with commas) + + which acts as the central registry for volumes' + type: string + tenant: + description: 'tenant owning the given Quobyte volume in the Backend + + Used with dynamically provisioned Quobyte volumes, value is set by + the plugin' + type: string + user: + description: 'user to map volume access to + + Defaults to serivceaccount user' + type: string + volume: + description: volume is a string that references an already created Quobyte + volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the host that + shares a pod''s lifetime. + + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. + + More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume that you want + to mount. + + Tip: Ensure that the filesystem type is supported by the host operating + system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd' + type: string + image: + description: 'image is the rados image name. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + default: /etc/ceph/keyring + description: 'keyring is the path to key ring for RBDUser. + + Default is /etc/ceph/keyring. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: 'pool is the rados pool name. + + Default is rbd. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. + + Defaults to false. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret for RBDUser. + If provided + + overrides keyring. + + Default is nil. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: 'user is the rados user name. + + Default is admin. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: 'scaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer + supported.' + properties: + fsType: + default: xfs + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". + + Default is "xfs".' + type: string + gateway: + description: gateway is the host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: 'readOnly Defaults to false (read/write). ReadOnly here + will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef references to the secret for ScaleIO user and + other + + sensitive information. If this is not provided, Login operation will + fail.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication with Gateway, + default false + type: boolean + storageMode: + default: ThinProvisioned + description: 'storageMode indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. + + Default is ThinProvisioned.' + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: system is the name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: 'volumeName is the name of a volume already created in + the ScaleIO system + + that is associated with this volume source.' + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate this volume. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to set permissions + on created files by default. + + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values + + for mode bits. Defaults to 0644. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: 'items If unspecified, each key-value pair in the Data + field of the referenced + + Secret will be projected into the volume as a file whose name is the + + key and content is the value. If specified, the listed keys will be + + projected into the specified paths, and unlisted keys will not be + + present. If a key is specified which is not present in the Secret, + + the volume setup will error unless it is marked optional. Paths must + be + + relative and may not contain the ''..'' path or start with ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set permissions + on this file. + + Must be an octal value between 0000 and 0777 or a decimal value + between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that affect the + file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file to map the + key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must + be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the pod''s namespace + to use. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: 'storageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + + Deprecated: StorageOS is deprecated and the in-tree storageos type is + no longer supported.' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly here + will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef specifies the secret to use for obtaining the + StorageOS API + + credentials. If not specified, default values will be attempted.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: 'volumeName is the human-readable name of the StorageOS + volume. Volume + + names are only unique within a namespace.' + type: string + volumeNamespace: + description: 'volumeNamespace specifies the scope of the volume within + StorageOS. If no + + namespace is specified then the Pod''s namespace will be used. This + allows the + + Kubernetes name scoping to be mirrored within StorageOS for tighter + integration. + + Set VolumeName to any name to override the default behaviour. + + Set to "default" if you are not using namespaces within StorageOS. + + Namespaces that do not pre-exist within StorageOS will be created.' + type: string + type: object + vsphereVolume: + description: 'vsphereVolume represents a vSphere volume attached and mounted + on kubelets host machine. + + Deprecated: VsphereVolume is deprecated. All operations for the in-tree + vsphereVolume type + + are redirected to the csi.vsphere.vmware.com CSI driver.' + properties: + fsType: + description: 'fsType is filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.' + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based Management + (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based Management + (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array +required: +- featureGates +- image +- replicaCount +- service +- serviceAccount +- volumeMounts +- volumes +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/values.yaml new file mode 100644 index 0000000..4b671fc --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-gitops/values.yaml @@ -0,0 +1,117 @@ +# Default values for kubedb-gitops. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +# Docker registry fqdn used to pull app related images. +# Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} +registryFQDN: ghcr.io + +image: + # Docker registry used to pull app container image + registry: kubedb + repository: kubedb-gitops + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: # +doc-gen:break + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + +service: + type: ClusterIP + port: 8081 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + httpGet: + path: /healthz + port: probes + initialDelaySeconds: 15 + periodSeconds: 20 +readinessProbe: + httpGet: + path: /readyz + port: probes + initialDelaySeconds: 5 + periodSeconds: 10 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +featureGates: + Cassandra: false + ClickHouse: false + Druid: false + Elasticsearch: false + FerretDB: false + Kafka: false + MariaDB: false + Memcached: false + MongoDB: false + MSSQLServer: false + MySQL: false + PerconaXtraDB: false + PgBouncer: false + Pgpool: false + Postgres: false + ProxySQL: false + RabbitMQ: false + Redis: false + Singlestore: false + Solr: false + ZooKeeper: false diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/Chart.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/Chart.yaml index 537f855..63d1bfe 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2025.2.19 +appVersion: v2025.3.24 description: KubeStash Catalog by AppsCode - Catalog of KubeStash Addons home: https://kubestash.com icon: https://cdn.appscode.com/images/products/stash/stash-community-icon.png @@ -10,4 +10,4 @@ name: kubedb-kubestash-catalog sources: - https://github.com/kuebstash type: application -version: v2025.2.19 +version: v2025.3.24 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/README.md similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/README.md index cb3aac6..80a5665 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-kubestash-catalog --version=v2025.2.19 -$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.2.19 +$ helm search repo appscode/kubedb-kubestash-catalog --version=v2025.3.24 +$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.3.24 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys Stash catalog on a [Kubernetes](http://kubernetes.io) cluster To install/upgrade the chart with the release name `kubedb-kubestash-catalog`: ```bash -$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.2.19 +$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.3.24 ``` The command deploys Stash catalog on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -106,12 +106,12 @@ The following table lists the configurable parameters of the `kubedb-kubestash-c Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.2.19 --set proxies.ghcr=ghcr.io +$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.3.24 --set proxies.ghcr=ghcr.io ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.2.19 --values values.yaml +$ helm upgrade -i kubedb-kubestash-catalog appscode/kubedb-kubestash-catalog -n stash --create-namespace --version=v2025.3.24 --values values.yaml ``` diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_addons.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_addons.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_addons.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_addons.yaml index b0be089..ec5cb19 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_addons.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_addons.yaml @@ -127,10 +127,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -530,6 +532,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -776,6 +779,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -783,6 +787,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -794,6 +799,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -802,6 +808,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -819,6 +826,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -1120,10 +1128,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -1523,6 +1533,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -1769,6 +1780,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -1776,6 +1788,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -1787,6 +1800,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -1795,6 +1809,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -1812,6 +1827,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_functions.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_functions.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_functions.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_functions.yaml index 27f84c2..2f44b94 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_functions.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_functions.yaml @@ -315,6 +315,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -401,6 +402,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -469,6 +471,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/druid/druid-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/druid/druid-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/druid/druid-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/druid/druid-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-backup.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-backup.yaml index f8814c3..b3c8c9d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-backup.yaml @@ -20,5 +20,5 @@ spec: - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --es-args=${args:={{ .Values.elasticsearch.args }}} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-backup.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-backup.yaml index 3c48f24..007e5b8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-backup.yaml @@ -18,5 +18,5 @@ spec: - --enable-cache=${enableCache:=} - --scratch-dir=${scratchDir:=} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/dashboard-restic-plugin") $) }}:v0.10.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/dashboard-restic-plugin") $) }}:v0.11.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-restore.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-restore.yaml index 15b723e..b61f8ab 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-dashboard-restore.yaml @@ -19,5 +19,5 @@ spec: - --enable-cache=${enableCache:=} - --scratch-dir=${scratchDir:=} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/dashboard-restic-plugin") $) }}:v0.10.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/dashboard-restic-plugin") $) }}:v0.11.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-restore.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-restore.yaml index 157a8f0..063dc48 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/elasticsearch/elasticsearch-restore.yaml @@ -21,5 +21,5 @@ spec: - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --es-args=${args:={{ .Values.elasticsearch.args }}} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-backup.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-backup.yaml index 5a416c1..44d92d8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-backup.yaml @@ -12,5 +12,5 @@ spec: - --backupsession=${backupSession:=} - --enable-cache=${enableCache:=} - --scratch-dir=${scratchDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/kubedb-manifest-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/kubedb-manifest-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-restore.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-restore.yaml index f2258fd..cab7b5a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbmanifest/kubedbmanifest-restore.yaml @@ -13,5 +13,5 @@ spec: - --snapshot=${snapshot:=} - --enable-cache=${enableCache:=} - --scratch-dir=${scratchDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/kubedb-manifest-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/kubedb-manifest-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbverifier/kubedbverifier.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbverifier/kubedbverifier.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbverifier/kubedbverifier.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/kubedbverifier/kubedbverifier.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-backup.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-backup.yaml index fcffaec..3cf533f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-backup.yaml @@ -19,5 +19,5 @@ spec: - --scratch-dir=${scratchDir:=} - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --mariadb-args=${args:={{ .Values.mariadb.args }}} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-restic-plugin") $) }}:v0.10.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-restic-plugin") $) }}:v0.11.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-csi-snapshotter.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-csi-snapshotter.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-csi-snapshotter.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-csi-snapshotter.yaml index 58bb791..537dd3d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-csi-snapshotter.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-csi-snapshotter.yaml @@ -16,5 +16,5 @@ spec: - --namespace=${namespace:=default} - --volume-snapshot-class-name=${volumeSnapshotClassName:=} - --backupsession=${backupSession:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-csi-snapshotter-plugin") $) }}:v0.12.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-csi-snapshotter-plugin") $) }}:v0.13.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-restore.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-restore.yaml index fec99f4..68a5a5a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mariadb/mariadb-restore.yaml @@ -20,5 +20,5 @@ spec: - --scratch-dir=${scratchDir:=} - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --mariadb-args=${args:={{ .Values.mariadb.args }}} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-restic-plugin") $) }}:v0.10.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mariadb-restic-plugin") $) }}:v0.11.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-backup.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-backup.yaml index 945d655..420a0ae 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-backup.yaml @@ -29,5 +29,5 @@ spec: - 5.0.15 - 6.0.5 - 8.0.3 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-restic-plugin") $) }}:v0.15.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-restic-plugin") $) }}:v0.16.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-csi-snapshotter.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-csi-snapshotter.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-csi-snapshotter.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-csi-snapshotter.yaml index d600071..359726f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-csi-snapshotter.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-csi-snapshotter.yaml @@ -16,5 +16,5 @@ spec: - --namespace=${namespace:=default} - --volume-snapshot-class-name=${volumeSnapshotClassName:=} - --backupsession=${backupSession:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-csi-snapshotter-plugin") $) }}:v0.13.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-csi-snapshotter-plugin") $) }}:v0.14.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-restore.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-restore.yaml index 6c0307e..5f14716 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mongodb/mongodb-restore.yaml @@ -29,5 +29,5 @@ spec: - 5.0.3 - 5.0.15 - 6.0.5 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-restic-plugin") $) }}:v0.15.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mongodb-restic-plugin") $) }}:v0.16.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-backup.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-backup.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-restore.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mssqlserver/mssqlserver-restore.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-backup.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-backup.yaml index 294e3c6..9e6ffc5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-backup.yaml @@ -25,5 +25,5 @@ spec: - 5.7.25 - 8.0.3 - 8.0.21 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-restic-plugin") $) }}:v0.15.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-restic-plugin") $) }}:v0.16.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-csi-snapshotter.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-csi-snapshotter.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-csi-snapshotter.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-csi-snapshotter.yaml index 3476dbd..b3a0d28 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-csi-snapshotter.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-csi-snapshotter.yaml @@ -16,5 +16,5 @@ spec: - --namespace=${namespace:=default} - --volume-snapshot-class-name=${volumeSnapshotClassName:=} - --backupsession=${backupSession:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-csi-snapshotter-plugin") $) }}:v0.13.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-csi-snapshotter-plugin") $) }}:v0.14.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-backup.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-backup.yaml index 69a0991..054e801 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-backup.yaml @@ -26,5 +26,5 @@ spec: - 8.1.0 - 8.2.0 - 8.4.0 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/xtrabackup-restic-plugin") $) }}:v0.1.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/xtrabackup-restic-plugin") $) }}:v0.2.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-restore.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-restore.yaml index bccb480..6044ee9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-physical-restore.yaml @@ -27,5 +27,5 @@ spec: - 8.1.0 - 8.2.0 - 8.4.0 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/xtrabackup-restic-plugin") $) }}:v0.1.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/xtrabackup-restic-plugin") $) }}:v0.2.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-restore.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-restore.yaml index 588ac7d..2ad541f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/mysql/mysql-restore.yaml @@ -25,5 +25,5 @@ spec: - 5.7.25 - 8.0.3 - 8.0.21 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-restic-plugin") $) }}:v0.15.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/mysql-restic-plugin") $) }}:v0.16.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-backup.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-backup.yaml index d070c90..6587d7b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-backup.yaml @@ -20,5 +20,5 @@ spec: - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --es-args=${args:={{ .Values.opensearch.args }}} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-backup.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-backup.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-restore.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-dashboard-restore.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-restore.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-restore.yaml index b2af06c..b35e76f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/opensearch/opensearch-restore.yaml @@ -21,5 +21,5 @@ spec: - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --es-args=${args:={{ .Values.opensearch.args }}} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/elasticsearch-restic-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-backup.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-backup.yaml index 15482ce..924789c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-backup.yaml @@ -26,5 +26,5 @@ spec: - "14.10" - "16.1" - "17.2" - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.15.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.16.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-csi-snapshotter.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-csi-snapshotter.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-csi-snapshotter.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-csi-snapshotter.yaml index 1eefdac..41d2395 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-csi-snapshotter.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-csi-snapshotter.yaml @@ -16,5 +16,5 @@ spec: - --namespace=${namespace:=default} - --volume-snapshot-class-name=${volumeSnapshotClassName:=} - --backupsession=${backupSession:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-csi-snapshotter-plugin") $) }}:v0.13.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-csi-snapshotter-plugin") $) }}:v0.14.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup-restore.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup-restore.yaml index bb03f54..92092c9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup-restore.yaml @@ -23,5 +23,5 @@ spec: - --user=${user:=} - --restore-cmd=${restoreCmd:=} - --restore-path=${restorePath:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.15.0_16.1' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.16.0_16.1' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup.yaml index 3c98656..bb16ae6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-physical-backup.yaml @@ -24,5 +24,5 @@ spec: availableVersions: - "16.1" - "17.2" - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.15.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.16.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-restore.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-restore.yaml index ac6360f..e1f0e8e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/postgres/postgres-restore.yaml @@ -26,5 +26,5 @@ spec: - "14.10" - "16.1" - "17.2" - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.15.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/postgres-restic-plugin") $) }}:v0.16.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-backup.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-backup.yaml index 1c0e2f4..c7b7ac9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-backup.yaml @@ -19,5 +19,5 @@ spec: - --scratch-dir=${scratchDir:=} - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --redis-args=${args:={{ .Values.redis.args }}} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-restic-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-restic-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-restore.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-restore.yaml index 856ee08..2d7bfa6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/redis/redis-restore.yaml @@ -20,5 +20,5 @@ spec: - --scratch-dir=${scratchDir:=} - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --redis-args=${args:={{ .Values.redis.args }}} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-restic-plugin") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/redis-restic-plugin") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-backup.yaml similarity index 93% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-backup.yaml index 7c470b3..3feb02d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-backup.yaml @@ -23,5 +23,5 @@ spec: availableVersions: - alma-8.1.32-e3d3cde6da - alma-8.5.7-bf633c1a54 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-restic-plugin") $) }}:v0.10.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-restic-plugin") $) }}:v0.11.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-restore.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-restore.yaml index 58d7f01..7ade095 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/singlestore/singlestore-restore.yaml @@ -24,5 +24,5 @@ spec: availableVersions: - alma-8.1.32-e3d3cde6da - alma-8.5.7-bf633c1a54 - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-restic-plugin") $) }}:v0.10.0_${DB_VERSION}' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/singlestore-restic-plugin") $) }}:v0.11.0_${DB_VERSION}' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-addon.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-addon.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-addon.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-addon.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-backup.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-backup.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-backup.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-backup.yaml index f51062e..fa7c223 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-backup.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-backup.yaml @@ -20,5 +20,5 @@ spec: - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --zookeeper-args=${args:={{ .Values.zookeeper.args }}} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/zookeeper-restic-plugin") $) }}:v0.8.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/zookeeper-restic-plugin") $) }}:v0.9.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-restore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-restore.yaml similarity index 95% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-restore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-restore.yaml index cd3661c..f8a8cd7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-restore.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/templates/zookeeper/zookeeper-restore.yaml @@ -21,5 +21,5 @@ spec: - --wait-timeout=${waitTimeout:={{ .Values.waitTimeout}}} - --zookeeper-args=${args:={{ .Values.zookeeper.args }}} - --interim-data-dir=${interimDataDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/zookeeper-restic-plugin") $) }}:v0.8.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubedb/zookeeper-restic-plugin") $) }}:v0.9.0' {{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/values.openapiv3_schema.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/values.openapiv3_schema.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/values.openapiv3_schema.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-kubestash-catalog/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/Chart.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/Chart.yaml index f076ad5..de406e0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2025.2.19 +appVersion: v2025.3.24 description: KubeDB State Metrics home: https://kubedb.com icon: https://cdn.appscode.com/images/products/kubedb/kubedb-community-icon.png @@ -10,4 +10,4 @@ name: kubedb-metrics sources: - https://github.com/kubedb type: application -version: v2025.2.19 +version: v2025.3.24 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/README.md similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/README.md index c2a3fc3..22afd0c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-metrics --version=v2025.2.19 -$ helm upgrade -i kubedb-metrics appscode/kubedb-metrics -n kubedb --create-namespace --version=v2025.2.19 +$ helm search repo appscode/kubedb-metrics --version=v2025.3.24 +$ helm upgrade -i kubedb-metrics appscode/kubedb-metrics -n kubedb --create-namespace --version=v2025.3.24 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys KubeDB metrics configurations on a [Kubernetes](http://kubern To install/upgrade the chart with the release name `kubedb-metrics`: ```bash -$ helm upgrade -i kubedb-metrics appscode/kubedb-metrics -n kubedb --create-namespace --version=v2025.2.19 +$ helm upgrade -i kubedb-metrics appscode/kubedb-metrics -n kubedb --create-namespace --version=v2025.3.24 ``` The command deploys KubeDB metrics configurations on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/NOTES.txt similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/NOTES.txt diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/cassandra/catalog-kubedb-com-cassandraversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/cassandra/catalog-kubedb-com-cassandraversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/cassandra/catalog-kubedb-com-cassandraversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/cassandra/catalog-kubedb-com-cassandraversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/cassandra/kubedb-com-cassandra.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/cassandra/kubedb-com-cassandra.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/cassandra/kubedb-com-cassandra.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/cassandra/kubedb-com-cassandra.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/clickhouse/catalog-kubedb-com-clickhouseversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/clickhouse/catalog-kubedb-com-clickhouseversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/clickhouse/catalog-kubedb-com-clickhouseversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/clickhouse/catalog-kubedb-com-clickhouseversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/clickhouse/kubedb-com-clickhouse.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/clickhouse/kubedb-com-clickhouse.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/clickhouse/kubedb-com-clickhouse.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/clickhouse/kubedb-com-clickhouse.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/connectcluster/kafka-kubedb-com-connectcluster.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/connectcluster/kafka-kubedb-com-connectcluster.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/connectcluster/kafka-kubedb-com-connectcluster.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/connectcluster/kafka-kubedb-com-connectcluster.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/druid/catalog-kubedb-com-druidversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/druid/catalog-kubedb-com-druidversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/druid/catalog-kubedb-com-druidversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/druid/catalog-kubedb-com-druidversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/druid/kubedb-com-druid.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/druid/kubedb-com-druid.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/druid/kubedb-com-druid.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/druid/kubedb-com-druid.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/elasticsearch/catalog-kubedb-com-elasticsearchversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/elasticsearch/catalog-kubedb-com-elasticsearchversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/elasticsearch/catalog-kubedb-com-elasticsearchversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/elasticsearch/catalog-kubedb-com-elasticsearchversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/elasticsearch/kubedb-com-elasticsearch.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/elasticsearch/kubedb-com-elasticsearch.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/elasticsearch/kubedb-com-elasticsearch.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/elasticsearch/kubedb-com-elasticsearch.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/elasticsearch/ops-kubedb-com-elasticsearchopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/elasticsearch/ops-kubedb-com-elasticsearchopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/elasticsearch/ops-kubedb-com-elasticsearchopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/elasticsearch/ops-kubedb-com-elasticsearchopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/ferretdb/catalog-kubedb-com-ferretdbversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/ferretdb/catalog-kubedb-com-ferretdbversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/ferretdb/catalog-kubedb-com-ferretdbversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/ferretdb/catalog-kubedb-com-ferretdbversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/ferretdb/kubedb-com-ferretdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/ferretdb/kubedb-com-ferretdb.yaml similarity index 98% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/ferretdb/kubedb-com-ferretdb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/ferretdb/kubedb-com-ferretdb.yaml index de66596..17a79fd 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/ferretdb/kubedb-com-ferretdb.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/ferretdb/kubedb-com-ferretdb.yaml @@ -69,8 +69,6 @@ spec: valuePath: .spec.version - key: deletionPolicy valuePath: .spec.deletionPolicy - - key: backend - valuePath: .spec.backend.postgresRef.name metricValue: value: 1 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/kafka/catalog-kubedb-com-kafkaversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/kafka/catalog-kubedb-com-kafkaversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/kafka/catalog-kubedb-com-kafkaversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/kafka/catalog-kubedb-com-kafkaversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/kafka/kubedb-com-kafka.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/kafka/kubedb-com-kafka.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/kafka/kubedb-com-kafka.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/kafka/kubedb-com-kafka.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/kafka/ops-kubedb-com-kafkaopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/kafka/ops-kubedb-com-kafkaopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/kafka/ops-kubedb-com-kafkaopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/kafka/ops-kubedb-com-kafkaopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/catalog-kubedb-com-mariadbversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/catalog-kubedb-com-mariadbversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/catalog-kubedb-com-mariadbversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/catalog-kubedb-com-mariadbversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/kubedb-com-mariadb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/kubedb-com-mariadb.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/kubedb-com-mariadb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/kubedb-com-mariadb.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/ops-kubedb-com-mariadbopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/ops-kubedb-com-mariadbopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/ops-kubedb-com-mariadbopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/ops-kubedb-com-mariadbopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/schema-kubedb-com-mariadbdatabase.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/schema-kubedb-com-mariadbdatabase.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mariadb/schema-kubedb-com-mariadbdatabase.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mariadb/schema-kubedb-com-mariadbdatabase.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/memcached/catalog-kubedb-com-memcachedversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/memcached/catalog-kubedb-com-memcachedversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/memcached/catalog-kubedb-com-memcachedversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/memcached/catalog-kubedb-com-memcachedversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/memcached/kubedb-com-memcached.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/memcached/kubedb-com-memcached.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/memcached/kubedb-com-memcached.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/memcached/kubedb-com-memcached.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/catalog-kubedb-com-mongodbversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/catalog-kubedb-com-mongodbversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/catalog-kubedb-com-mongodbversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/catalog-kubedb-com-mongodbversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/kubedb-com-mongodb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/kubedb-com-mongodb.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/kubedb-com-mongodb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/kubedb-com-mongodb.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/ops-kubedb-com-mongodbopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/ops-kubedb-com-mongodbopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/ops-kubedb-com-mongodbopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/ops-kubedb-com-mongodbopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/schema-kubedb-com-mongodbdatabase.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/schema-kubedb-com-mongodbdatabase.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mongodb/schema-kubedb-com-mongodbdatabase.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mongodb/schema-kubedb-com-mongodbdatabase.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mssqlserver/catalog-kubedb-com-mssqlserverversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mssqlserver/catalog-kubedb-com-mssqlserverversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mssqlserver/catalog-kubedb-com-mssqlserverversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mssqlserver/catalog-kubedb-com-mssqlserverversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mssqlserver/kubedb-com-mssqlserver.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mssqlserver/kubedb-com-mssqlserver.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mssqlserver/kubedb-com-mssqlserver.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mssqlserver/kubedb-com-mssqlserver.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/catalog-kubedb-com-mysqlversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/catalog-kubedb-com-mysqlversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/catalog-kubedb-com-mysqlversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/catalog-kubedb-com-mysqlversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/kubedb-com-mysql.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/kubedb-com-mysql.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/kubedb-com-mysql.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/kubedb-com-mysql.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/ops-kubedb-com-mysqlopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/ops-kubedb-com-mysqlopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/ops-kubedb-com-mysqlopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/ops-kubedb-com-mysqlopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/schema-kubedb-com-mysqldatabase.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/schema-kubedb-com-mysqldatabase.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/mysql/schema-kubedb-com-mysqldatabase.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/mysql/schema-kubedb-com-mysqldatabase.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/perconaxtradb/catalog-kubedb-com-perconaxtradbversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/perconaxtradb/catalog-kubedb-com-perconaxtradbversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/perconaxtradb/catalog-kubedb-com-perconaxtradbversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/perconaxtradb/catalog-kubedb-com-perconaxtradbversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/perconaxtradb/kubedb-com-perconaxtradb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/perconaxtradb/kubedb-com-perconaxtradb.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/perconaxtradb/kubedb-com-perconaxtradb.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/perconaxtradb/kubedb-com-perconaxtradb.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/perconaxtradb/ops-kubedb-com-perconaxtradbopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/perconaxtradb/ops-kubedb-com-perconaxtradbopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/perconaxtradb/ops-kubedb-com-perconaxtradbopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/perconaxtradb/ops-kubedb-com-perconaxtradbopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgbouncer/catalog-kubedb-com-pgbouncerversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgbouncer/catalog-kubedb-com-pgbouncerversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgbouncer/catalog-kubedb-com-pgbouncerversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgbouncer/catalog-kubedb-com-pgbouncerversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgbouncer/kubedb-com-pgbouncer.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgbouncer/kubedb-com-pgbouncer.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgbouncer/kubedb-com-pgbouncer.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgbouncer/kubedb-com-pgbouncer.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgbouncer/ops-kubedb-com-pgbounceropsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgbouncer/ops-kubedb-com-pgbounceropsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgbouncer/ops-kubedb-com-pgbounceropsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgbouncer/ops-kubedb-com-pgbounceropsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgpool/catalog-kubedb-com-pgpoolversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgpool/catalog-kubedb-com-pgpoolversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgpool/catalog-kubedb-com-pgpoolversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgpool/catalog-kubedb-com-pgpoolversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgpool/kubedb-com-pgpool.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgpool/kubedb-com-pgpool.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/pgpool/kubedb-com-pgpool.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/pgpool/kubedb-com-pgpool.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/catalog-kubedb-com-postgresversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/catalog-kubedb-com-postgresversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/catalog-kubedb-com-postgresversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/catalog-kubedb-com-postgresversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/kubedb-com-postgres.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/kubedb-com-postgres.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/kubedb-com-postgres.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/kubedb-com-postgres.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/ops-kubedb-com-postgresopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/ops-kubedb-com-postgresopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/ops-kubedb-com-postgresopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/ops-kubedb-com-postgresopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/schema-kubedb-com-postgresdatabase.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/schema-kubedb-com-postgresdatabase.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/postgres/schema-kubedb-com-postgresdatabase.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/postgres/schema-kubedb-com-postgresdatabase.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/proxysql/catalog-kubedb-com-proxysqlversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/proxysql/catalog-kubedb-com-proxysqlversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/proxysql/catalog-kubedb-com-proxysqlversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/proxysql/catalog-kubedb-com-proxysqlversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/proxysql/kubedb-com-proxysql.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/proxysql/kubedb-com-proxysql.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/proxysql/kubedb-com-proxysql.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/proxysql/kubedb-com-proxysql.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/proxysql/ops-kubedb-com-proxysqlopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/proxysql/ops-kubedb-com-proxysqlopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/proxysql/ops-kubedb-com-proxysqlopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/proxysql/ops-kubedb-com-proxysqlopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/rabbitmq/catalog-kubedb-com-rabbitmqversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/rabbitmq/catalog-kubedb-com-rabbitmqversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/rabbitmq/catalog-kubedb-com-rabbitmqversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/rabbitmq/catalog-kubedb-com-rabbitmqversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/rabbitmq/kubedb-com-rabbitmq.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/rabbitmq/kubedb-com-rabbitmq.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/rabbitmq/kubedb-com-rabbitmq.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/rabbitmq/kubedb-com-rabbitmq.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/catalog-kubedb-com-redisversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/catalog-kubedb-com-redisversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/catalog-kubedb-com-redisversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/catalog-kubedb-com-redisversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redis.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redis.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redis.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redis.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redissentinel.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redissentinel.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redissentinel.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/kubedb-com-redissentinel.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/ops-kubedb-com-redisopsrequest.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/ops-kubedb-com-redisopsrequest.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/redis/ops-kubedb-com-redisopsrequest.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/redis/ops-kubedb-com-redisopsrequest.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/singlestore/catalog-kubedb-com-singlestoreversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/singlestore/catalog-kubedb-com-singlestoreversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/singlestore/catalog-kubedb-com-singlestoreversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/singlestore/catalog-kubedb-com-singlestoreversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/singlestore/kubedb-com-singlestore.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/singlestore/kubedb-com-singlestore.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/singlestore/kubedb-com-singlestore.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/singlestore/kubedb-com-singlestore.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/solr/catalog-kubedb-com-solrversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/solr/catalog-kubedb-com-solrversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/solr/catalog-kubedb-com-solrversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/solr/catalog-kubedb-com-solrversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/solr/kubedb-com-solr.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/solr/kubedb-com-solr.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/solr/kubedb-com-solr.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/solr/kubedb-com-solr.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/zookeeper/catalog-kubedb-com-zookeeperversion.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/zookeeper/catalog-kubedb-com-zookeeperversion.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/zookeeper/catalog-kubedb-com-zookeeperversion.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/zookeeper/catalog-kubedb-com-zookeeperversion.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/zookeeper/kubedb-com-zookeeper.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/zookeeper/kubedb-com-zookeeper.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/templates/zookeeper/kubedb-com-zookeeper.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/templates/zookeeper/kubedb-com-zookeeper.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-metrics/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-metrics/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/Chart.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/Chart.yaml index e9e719d..812c410 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.39.0 +appVersion: v0.40.0 description: KubeDB Ops Manager by AppsCode - Enterprise features for KubeDB home: https://kubedb.com icon: https://cdn.appscode.com/images/products/kubedb/kubedb-ops-manager-icon.png @@ -9,4 +9,4 @@ maintainers: name: kubedb-ops-manager sources: - https://github.com/kubedb -version: v0.39.0 +version: v0.40.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/README.md similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/README.md index baeebc7..967ac3d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-ops-manager --version=v0.39.0 -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.39.0 +$ helm search repo appscode/kubedb-ops-manager --version=v0.40.0 +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.40.0 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a KubeDB Ops Manager operator on a [Kubernetes](http://kubern To install/upgrade the chart with the release name `kubedb-ops-manager`: ```bash -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.39.0 +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.40.0 ``` The command deploys a KubeDB Ops Manager operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -94,12 +94,12 @@ The following table lists the configurable parameters of the `kubedb-ops-manager Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.39.0 --set replicaCount=1 +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.40.0 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.39.0 --values values.yaml +$ helm upgrade -i kubedb-ops-manager appscode/kubedb-ops-manager -n kubedb --create-namespace --version=v0.40.0 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/ci/ci-values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/ci/ci-values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/ci/ci-values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/ci/ci-values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/crds/supervisor.appscode.com_recommendations.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/crds/supervisor.appscode.com_recommendations.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/crds/supervisor.appscode.com_recommendations.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/crds/supervisor.appscode.com_recommendations.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/NOTES.txt new file mode 100644 index 0000000..9b677af --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that KubeDB Ops Manager has started, run: + + kubectl get statefulset --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-ops-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/license-checker-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/license-checker-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/license-checker-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/license-checker-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/license-reader-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/license-reader-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/license-reader-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/license-reader-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/license.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/license.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/license.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/license.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/operator-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/operator-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/operator-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/operator-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/service-headless.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/service-headless.yaml new file mode 100644 index 0000000..abde254 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/service-headless.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubedb-ops-manager.fullname" . }}-headless + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-ops-manager.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: metrics + port: {{ .Values.monitoring.bindPort }} + - name: probes + port: {{ .Values.apiserver.healthcheck.probePort }} + selector: + {{- include "kubedb-ops-manager.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/service.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/service.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/service.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/servicemonitor.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/servicemonitor.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/statefulset.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/deployment.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/statefulset.yaml index 9aa2af9..99e091e 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/templates/deployment.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/templates/statefulset.yaml @@ -23,7 +23,7 @@ {{- end }} apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: {{ include "kubedb-ops-manager.fullname" . }} namespace: {{ .Release.Namespace }} @@ -35,6 +35,8 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + podManagementPolicy: Parallel + serviceName: {{ include "kubedb-ops-manager.fullname" . }}-headless selector: matchLabels: {{- include "kubedb-ops-manager.selectorLabels" . | nindent 6 }} @@ -163,9 +165,17 @@ spec: operator: Exists {{- end -}} {{- end -}} - {{- with $affinity }} + {{- if $affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "kubedb-ops-manager.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" {{- end }} {{- with $nodeSelector }} nodeSelector: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/values.openapiv3_schema.yaml new file mode 100644 index 0000000..bce5f48 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/values.openapiv3_schema.yaml @@ -0,0 +1,2382 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + env: + description: 'List of environment variables to set in the container. + + Cannot be updated.' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + + using the previously defined environment variables in the container and + + any service environment variables. If a variable cannot be resolved, + + the reference in the input string will be unchanged. Double $$ are reduced + + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + + Escaped references will never be expanded, regardless of whether the variable + + exists or not. + + Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used + if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits + and requests + + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: 'List of sources to populate environment variables in the container. + + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + + will be reported as an event when the container is starting. When a key exists + in multiple + + sources, the value associated with the last source will take precedence. + + Values defined by an Env with a duplicate key will take precedence. + + Cannot be updated.' + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you locate + the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + insecureRegistries: + items: + type: string + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + psp: + properties: + enabled: + type: boolean + required: + - enabled + type: object + recommendationEngine: + properties: + genRotateTLSRecommendationBeforeExpiryDay: + type: integer + genRotateTLSRecommendationBeforeExpiryMonth: + type: integer + genRotateTLSRecommendationBeforeExpiryYear: + type: integer + recommendationResyncPeriod: + type: string + required: + - genRotateTLSRecommendationBeforeExpiryDay + - genRotateTLSRecommendationBeforeExpiryMonth + - genRotateTLSRecommendationBeforeExpiryYear + - recommendationResyncPeriod + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object +required: +- apiserver +- imagePullPolicy +- insecureRegistries +- monitoring +- operator +- psp +- registryFQDN +- replicaCount +- serviceAccount +- waitfor +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-ops-manager/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-ops-manager/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/Chart.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/Chart.yaml index 2ae8929..51c4d90 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.52.0 +appVersion: v0.53.0 description: KubeDB Provisioner by AppsCode - Community features for KubeDB home: https://kubedb.com icon: https://cdn.appscode.com/images/products/kubedb/kubedb-community-icon.png @@ -9,4 +9,4 @@ maintainers: name: kubedb-provisioner sources: - https://github.com/kubedb -version: v0.52.0 +version: v0.53.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/README.md similarity index 98% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/README.md index 6c8dfec..729241a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-provisioner --version=v0.52.0 -$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.52.0 +$ helm search repo appscode/kubedb-provisioner --version=v0.53.0 +$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.53.0 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a KubeDB Provisioner operator on a [Kubernetes](http://kubern To install/upgrade the chart with the release name `kubedb-provisioner`: ```bash -$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.52.0 +$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.53.0 ``` The command deploys a KubeDB Provisioner operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -92,12 +92,12 @@ The following table lists the configurable parameters of the `kubedb-provisioner Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.52.0 --set replicaCount=1 +$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.53.0 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.52.0 --values values.yaml +$ helm upgrade -i kubedb-provisioner appscode/kubedb-provisioner -n kubedb --create-namespace --version=v0.53.0 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/ci/ci-values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/ci/ci-values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/ci/ci-values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/ci/ci-values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/crds/operator.k8s.appscode.com_shardconfigurations.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/crds/operator.k8s.appscode.com_shardconfigurations.yaml new file mode 100644 index 0000000..60be647 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/crds/operator.k8s.appscode.com_shardconfigurations.yaml @@ -0,0 +1,114 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: shardconfigurations.operator.k8s.appscode.com +spec: + group: operator.k8s.appscode.com + names: + kind: ShardConfiguration + listKind: ShardConfigurationList + plural: shardconfigurations + singular: shardconfiguration + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + controllers: + items: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - name + type: object + minItems: 1 + type: array + resources: + items: + properties: + apiGroup: + type: string + kind: + type: string + type: object + minItems: 1 + type: array + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + observedGeneration: + format: int64 + type: integer + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + maxItems: 12 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllers: + items: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + pods: + items: + type: string + type: array + required: + - name + type: object + type: array + phase: + enum: + - Pending + - Current + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/NOTES.txt new file mode 100644 index 0000000..c6c7a24 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that KubeDB provisioner has started, run: + + kubectl get statefulset --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-provisioner.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/cluster-role.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/cluster-role.yaml index d20dea1..3f6ac09 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/cluster-role.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/cluster-role.yaml @@ -10,6 +10,14 @@ rules: resources: - customresourcedefinitions verbs: ["*"] +- apiGroups: + - operator.k8s.appscode.com + resources: + - shardconfigurations + verbs: + - get + - list + - watch - apiGroups: - rbac.authorization.k8s.io resources: @@ -52,7 +60,7 @@ rules: - storage.k8s.io resources: - storageclasses - verbs: ["get"] + verbs: ["get", "list", "watch"] - apiGroups: - "" resources: @@ -230,4 +238,9 @@ rules: resources: - caproviderclasses verbs: [ "get", "list", "watch", "create" ] - +- apiGroups: + - virtual-secrets.dev + resources: + - secrets + - secrets/mount + verbs: [ "get","create", "list","watch", "patch","delete"] diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/license-checker-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/license-checker-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/license-checker-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/license-checker-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/license-reader-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/license-reader-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/license-reader-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/license-reader-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/license.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/license.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/license.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/license.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/operator-psp.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/operator-psp.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/operator-psp.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/operator-psp.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/service-headless.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/service-headless.yaml new file mode 100644 index 0000000..aae0959 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/service-headless.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubedb-provisioner.fullname" . }}-headless + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-provisioner.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: metrics + port: {{ .Values.monitoring.bindPort }} + - name: probes + port: {{ .Values.apiserver.healthcheck.probePort }} + selector: + {{- include "kubedb-provisioner.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/service.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/service.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/service.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/servicemonitor.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/servicemonitor.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/shard-config.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/shard-config.yaml new file mode 100644 index 0000000..df2c71f --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/shard-config.yaml @@ -0,0 +1,19 @@ +{{- if gt (int .Values.replicaCount) 1 }} + +apiVersion: operator.k8s.appscode.com/v1alpha1 +kind: ShardConfiguration +metadata: + name: {{ include "kubedb-provisioner.name" . }} +spec: + controllers: + - apiGroup: apps + kind: StatefulSet + name: {{ include "kubedb-provisioner.fullname" . }} + namespace: {{ .Release.Namespace }} + resources: + - apiGroup: kubedb.com + - apiGroup: elasticsearch.kubedb.com + - apiGroup: kafka.kubedb.com + - apiGroup: postgres.kubedb.com + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/statefulset.yaml similarity index 90% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/deployment.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/statefulset.yaml index ed88b4e..2bab8bc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/templates/deployment.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/templates/statefulset.yaml @@ -23,7 +23,7 @@ {{- end }} apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: {{ include "kubedb-provisioner.fullname" . }} namespace: {{ .Release.Namespace }} @@ -35,6 +35,8 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + podManagementPolicy: Parallel + serviceName: {{ include "kubedb-provisioner.fullname" . }}-headless selector: matchLabels: {{- include "kubedb-provisioner.selectorLabels" . | nindent 6 }} @@ -80,6 +82,9 @@ spec: - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }} - --metrics-bind-address=:{{ .Values.monitoring.bindPort }} - --health-probe-bind-address=:{{ .Values.apiserver.healthcheck.probePort }} + {{- if gt (int .Values.replicaCount) 1 }} + - --shard-config={{ include "kubedb-provisioner.name" . }} + {{- end }} {{- include "docker.imagePullSecretFlags" . | nindent 8 }} {{- include "docker.insecureRegistries" . | nindent 8 }} {{- if include "appscode.licenseSecretName" . }} @@ -160,9 +165,17 @@ spec: operator: Exists {{- end -}} {{- end -}} - {{- with $affinity }} + {{- if $affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "kubedb-provisioner.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" {{- end }} {{- with $nodeSelector }} nodeSelector: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/values.openapiv3_schema.yaml new file mode 100644 index 0000000..b83c2de --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/values.openapiv3_schema.yaml @@ -0,0 +1,2372 @@ +properties: + additionalPodSecurityPolicies: + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + enforceTerminationPolicy: + type: boolean + env: + description: 'List of environment variables to set in the container. + + Cannot be updated.' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + + using the previously defined environment variables in the container and + + any service environment variables. If a variable cannot be resolved, + + the reference in the input string will be unchanged. Double $$ are reduced + + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + + Escaped references will never be expanded, regardless of whether the variable + + exists or not. + + Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used + if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits + and requests + + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: 'List of sources to populate environment variables in the container. + + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + + will be reported as an event when the container is starting. When a key exists + in multiple + + sources, the value associated with the last source will take precedence. + + Values defined by an Env with a duplicate key will take precedence. + + Cannot be updated.' + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you locate + the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + insecureRegistries: + items: + type: string + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + psp: + properties: + enabled: + type: boolean + required: + - enabled + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object +required: +- apiserver +- imagePullPolicy +- insecureRegistries +- monitoring +- operator +- psp +- registryFQDN +- replicaCount +- serviceAccount +- waitfor +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-provisioner/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-provisioner/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/Chart.lock b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/Chart.lock similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/Chart.lock rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/Chart.lock diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/Chart.yaml similarity index 92% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/Chart.yaml index dd2625b..4ae2c9d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.28.0 +appVersion: v0.29.0 dependencies: - condition: enableClusterRoles.licenselicenseProxyserver name: license-proxyserver-user-roles @@ -15,4 +15,4 @@ name: kubedb-schema-manager sources: - https://github.com/kubedb type: application -version: v0.28.0 +version: v0.29.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/README.md similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/README.md index 5d761bb..4dd51f8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-schema-manager --version=v0.28.0 -$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.28.0 +$ helm search repo appscode/kubedb-schema-manager --version=v0.29.0 +$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.29.0 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a KubeDB schema manager operator on a [Kubernetes](http://kub To install/upgrade the chart with the release name `kubedb-schema-manager`: ```bash -$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.28.0 +$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.29.0 ``` The command deploys a KubeDB schema manager operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -87,12 +87,12 @@ The following table lists the configurable parameters of the `kubedb-schema-mana Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.28.0 --set replicaCount=1 +$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.29.0 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.28.0 --values values.yaml +$ helm upgrade -i kubedb-schema-manager appscode/kubedb-schema-manager -n kubedb --create-namespace --version=v0.29.0 --values values.yaml ``` diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/.helmignore similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/Chart.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/Chart.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/README.md similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/README.md diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-checker-cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-checker-cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-checker-cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-checker-cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-reader-cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-reader-cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-reader-cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/templates/license-reader-cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/charts/license-proxyserver-user-roles/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/ci/ci-values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/ci/ci-values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/ci/ci-values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/ci/ci-values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/NOTES.txt new file mode 100644 index 0000000..57fad39 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that KubeDB schema manager has started, run: + + kubectl get statefulset --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubedb-schema-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/cluster-role.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/cluster-role.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/license-checker-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/license-checker-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/license-checker-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/license-checker-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/license-reader-cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/license-reader-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/license-reader-cluster-role-binding.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/license-reader-cluster-role-binding.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/license.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/license.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/license.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/license.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/service-headless.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/service-headless.yaml new file mode 100644 index 0000000..43cb8d2 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/service-headless.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubedb-schema-manager.fullname" . }}-headless + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-schema-manager.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: metrics + port: {{ .Values.monitoring.bindPort }} + - name: probes + port: {{ .Values.apiserver.healthcheck.probePort }} + selector: + {{- include "kubedb-schema-manager.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/service.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/service.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/service.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/servicemonitor.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/servicemonitor.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/statefulset.yaml similarity index 91% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/deployment.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/statefulset.yaml index 09e250e..a891296 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/templates/deployment.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/templates/statefulset.yaml @@ -23,7 +23,7 @@ {{- end }} apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: {{ include "kubedb-schema-manager.fullname" . }} namespace: {{ .Release.Namespace }} @@ -35,6 +35,8 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + podManagementPolicy: Parallel + serviceName: {{ include "kubedb-schema-manager.fullname" . }}-headless selector: matchLabels: {{- include "kubedb-schema-manager.selectorLabels" . | nindent 6 }} @@ -144,9 +146,17 @@ spec: operator: Exists {{- end -}} {{- end -}} - {{- with $affinity }} + {{- if $affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "kubedb-schema-manager.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" {{- end }} {{- with $nodeSelector }} nodeSelector: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/values.openapiv3_schema.yaml new file mode 100644 index 0000000..11cde38 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/values.openapiv3_schema.yaml @@ -0,0 +1,2148 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + enforceTerminationPolicy: + type: boolean + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you locate + the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object +required: +- apiserver +- imagePullPolicy +- monitoring +- operator +- registryFQDN +- replicaCount +- serviceAccount +- waitfor +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-schema-manager/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-schema-manager/values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/Chart.yaml similarity index 88% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/Chart.yaml index f32cfc0..9733b79 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.28.0 +appVersion: v0.29.0 description: KubeDB Webhook Server by AppsCode home: https://kubedb.com icon: https://cdn.appscode.com/images/products/kubedb/kubedb-community-icon.png @@ -9,4 +9,4 @@ maintainers: name: kubedb-webhook-server sources: - https://github.com/kubedb -version: v0.28.0 +version: v0.29.0 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/README.md similarity index 97% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/README.md rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/README.md index cf738db..256d896 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/README.md +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubedb-webhook-server --version=v0.28.0 -$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.28.0 +$ helm search repo appscode/kubedb-webhook-server --version=v0.29.0 +$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.29.0 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a KubeDB Provisioner operator on a [Kubernetes](http://kubern To install/upgrade the chart with the release name `kubedb-webhook-server`: ```bash -$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.28.0 +$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.29.0 ``` The command deploys a KubeDB Provisioner operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -97,7 +97,6 @@ The following table lists the configurable parameters of the `kubedb-webhook-ser | apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the webhook server. | not-ca-cert | | apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | | apiserver.healthcheck.enabled | healthcheck configures the readiness and liveliness probes for the webhook server pod. | false | -| apiserver.port | Port used to expose the webhook server apiserver | 8443 | | apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate webhook servers pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | | apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | | apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | @@ -112,12 +111,12 @@ The following table lists the configurable parameters of the `kubedb-webhook-ser Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.28.0 --set replicaCount=1 +$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.29.0 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.28.0 --values values.yaml +$ helm upgrade -i kubedb-webhook-server appscode/kubedb-webhook-server -n kubedb --create-namespace --version=v0.29.0 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/NOTES.txt similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/NOTES.txt diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/_helpers.tpl similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/_helpers.tpl index c0d668b..710677d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/_helpers.tpl +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/_helpers.tpl @@ -99,7 +99,6 @@ Returns the ServiceMonitor labels {{- end }} {{- end }} - {{/* Prepare certs */}} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/autoscaler/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/autoscaler/mutating-webhook.yaml similarity index 50% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/autoscaler/mutating-webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/autoscaler/mutating-webhook.yaml index 6710ae7..e4204af 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/autoscaler/mutating-webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/autoscaler/mutating-webhook.yaml @@ -1,3 +1,5 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + {{ $featureGates := .Values.featureGates }} {{- if .Values.global }} {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} @@ -6,8 +8,6 @@ {{- if .Values.apiserver.enableMutatingWebhook }} {{- if list "kubedb-webhook-server" "kubedb-autoscaler" | has .Values.server.repository }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -16,19 +16,38 @@ metadata: app.kubernetes.io/component: kubedb-autoscaler {{- include "kubedb-webhook-server.labels" . | nindent 4 }} webhooks: -{{- if $featureGates.MongoDB }} -- name: mongodbautoscalerwebhook.mutators.autoscaling.kubedb.com +{{- if $featureGates.Cassandra }} +- name: cassandraautoscalerwebhook.mutators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-cassandraautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["cassandraautoscalers"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.ClickHouse }} +- name: clickhouseautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/mongodbautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-clickhouseautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["mongodbautoscalers"] - operations: ["CREATE", "UPDATE"] + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["clickhouseautoscalers"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None @@ -37,10 +56,11 @@ webhooks: - name: druidautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/druidautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-druidautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -50,36 +70,38 @@ webhooks: failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.RabbitMQ }} -- name: rabbitmqautoscalerwebhook.mutators.autoscaling.kubedb.com +{{- if $featureGates.Elasticsearch }} +- name: elasticsearchautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/rabbitmqautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-elasticsearchautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] - resources: ["rabbitmqautoscalers"] + resources: ["elasticsearchautoscalers"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Elasticsearch }} -- name: elasticsearchautoscalerwebhook.mutators.autoscaling.kubedb.com +{{- if $featureGates.FerretDB }} +- name: ferretdbautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/elasticsearchautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-ferretdbautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["autoscaling.kubedb.com"] - apiVersions: ["*"] - resources: ["elasticsearchautoscalers"] - operations: ["CREATE", "UPDATE"] + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["ferretdbautoscalers"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None @@ -88,10 +110,11 @@ webhooks: - name: kafkaautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/kafkaautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-kafkaautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -105,10 +128,11 @@ webhooks: - name: mariadbautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/mariadbautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-mariadbautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -118,14 +142,51 @@ webhooks: failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} +{{- if $featureGates.Memcached }} +- name: memcachedautoscalerwebhook.mutators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-memcachedautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["memcachedautoscalers"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MongoDB }} +- name: mongodbautoscalerwebhook.mutators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-mongodbautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["mongodbautoscalers"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} {{- if $featureGates.MSSQLServer }} - name: mssqlserverautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/mssqlserverautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-mssqlserverautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -139,10 +200,11 @@ webhooks: - name: mysqlautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/mysqlautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-mysqlautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -156,10 +218,11 @@ webhooks: - name: perconaxtradbautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/perconaxtradbautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-perconaxtradbautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -169,14 +232,33 @@ webhooks: failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} +{{- if $featureGates.PgBouncer }} +- name: pgbouncerautoscalerwebhook.mutators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-pgbouncerautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["pgbouncerautoscalers"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} {{- if $featureGates.Pgpool }} - name: pgpoolautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/pgpoolautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-pgpoolautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -190,10 +272,11 @@ webhooks: - name: postgresautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/postgresautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-postgresautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -203,35 +286,37 @@ webhooks: failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.PgBouncer }} -- name: pgbouncerautoscalerwebhook.mutators.autoscaling.kubedb.com +{{- if $featureGates.ProxySQL }} +- name: proxysqlautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/pgbouncerautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-proxysqlautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] - resources: ["pgbouncerautoscalers"] + resources: ["proxysqlautoscalers"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.ProxySQL }} -- name: proxysqlautoscalerwebhook.mutators.autoscaling.kubedb.com +{{- if $featureGates.RabbitMQ }} +- name: rabbitmqautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/proxysqlautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-rabbitmqautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] - resources: ["proxysqlautoscalers"] + resources: ["rabbitmqautoscalers"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} @@ -241,10 +326,11 @@ webhooks: - name: redisautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/redisautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-redisautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -256,10 +342,11 @@ webhooks: - name: redissentinelautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/redissentinelautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-redissentinelautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -273,10 +360,11 @@ webhooks: - name: singlestoreautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/singlestoreautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-singlestoreautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -290,10 +378,11 @@ webhooks: - name: solrautoscalerwebhook.mutators.autoscaling.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.autoscaling.kubedb.com/v1alpha1/solrautoscalerwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-solrautoscaler + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["autoscaling.kubedb.com"] apiVersions: ["*"] @@ -303,6 +392,24 @@ webhooks: failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- end }} +{{- if $featureGates.ZooKeeper }} +- name: zookeeperautoscalerwebhook.mutators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-autoscaling-kubedb-com-v1alpha1-zookeeperautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["zookeeperautoscalers"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None {{- end }} +{{- end }} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/autoscaler/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/autoscaler/validating-webhook.yaml new file mode 100644 index 0000000..7c4bb58 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/autoscaler/validating-webhook.yaml @@ -0,0 +1,417 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{- if .Values.apiserver.enableMutatingWebhook }} +{{- if list "kubedb-webhook-server" "kubedb-autoscaler" | has .Values.server.repository }} + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validators.autoscaling.kubedb.com + labels: + app.kubernetes.io/component: kubedb-autoscaler + {{- include "kubedb-webhook-server.labels" . | nindent 4 }} +webhooks: +{{- if $featureGates.Cassandra }} +- name: cassandraautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-cassandraautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["cassandraautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.ClickHouse }} +- name: clickhouseautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-clickhouseautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["clickhouseautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Druid }} +- name: druidautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-druidautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["druidautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Elasticsearch }} +- name: elasticsearchautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-elasticsearchautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["elasticsearchautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.FerretDB }} +- name: ferretdbautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-ferretdbautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["ferretdbautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Kafka }} +- name: kafkaautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-kafkaautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["kafkaautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MariaDB }} +- name: mariadbautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-mariadbautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["mariadbautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Memcached }} +- name: memcachedautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-memcachedautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["memcachedautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MongoDB }} +- name: mongodbautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-mongodbautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["mongodbautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MSSQLServer }} +- name: mssqlserverautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-mssqlserverautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["mssqlserverautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MySQL }} +- name: mysqlautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-mysqlautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["mysqlautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.PerconaXtraDB }} +- name: perconaxtradbautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-perconaxtradbautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["perconaxtradbautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.PgBouncer }} +- name: pgbouncerautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-pgbouncerautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["pgbouncerautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Pgpool }} +- name: pgpoolautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-pgpoolautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["pgpoolautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Postgres }} +- name: postgresautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-postgresautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["postgresautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.ProxySQL }} +- name: proxysqlautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-proxysqlautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["proxysqlautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.RabbitMQ }} +- name: rabbitmqautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-rabbitmqautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["rabbitmqautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Redis }} +- name: redisautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-redisautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["redisautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +- name: redissentinelautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-redissentinelautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["redissentinelautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Singlestore }} +- name: singlestoreautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-singlestoreautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["singlestoreautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Solr }} +- name: solrautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-solrautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["solrautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.ZooKeeper }} +- name: zookeeperautoscalerwebhook.validators.autoscaling.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-autoscaling-kubedb-com-v1alpha1-zookeeperautoscaler + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["autoscaling.kubedb.com"] + apiVersions: ["*"] + resources: ["zookeeperautoscalers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} + +{{- end }} +{{- end }} + + diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/webhook-eas-rbac.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/cluster-role-binding.yaml similarity index 50% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/webhook-eas-rbac.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/cluster-role-binding.yaml index a8a5bfd..8c8ac79 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/webhook-eas-rbac.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/cluster-role-binding.yaml @@ -1,32 +1,45 @@ -# to read the config for terminating authentication apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - name: {{ include "kubedb-webhook-server.fullname" . }}-apiserver-extension-server-authentication-reader - namespace: kube-system + name: {{ include "kubedb-webhook-server.fullname" . }} labels: {{- include "kubedb-webhook-server.labels" . | nindent 4 }} roleRef: - kind: Role apiGroup: rbac.authorization.k8s.io - name: extension-apiserver-authentication-reader + kind: ClusterRole + name: {{ include "kubedb-webhook-server.fullname" . }} subjects: - kind: ServiceAccount name: {{ include "kubedb-webhook-server.serviceAccountName" . }} namespace: {{ .Release.Namespace }} --- -# to delegate authentication and authorization apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "kubedb-webhook-server.fullname" . }}-apiserver-auth-delegator + name: {{ include "kubedb-webhook-server.fullname" . }}-auth-delegator labels: {{- include "kubedb-webhook-server.labels" . | nindent 4 }} roleRef: - kind: ClusterRole apiGroup: rbac.authorization.k8s.io + kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: {{ include "kubedb-webhook-server.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kubedb-webhook-server.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-webhook-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kubedb-webhook-server.fullname" . }}:leader-election +subjects: +- kind: ServiceAccount + name: {{ include "kubedb-webhook-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/cluster-role.yaml similarity index 72% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/cluster-role.yaml index 040d1c2..69b0ea8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/cluster-role.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/cluster-role.yaml @@ -31,7 +31,7 @@ rules: - storage.k8s.io resources: - storageclasses - verbs: ["get"] + verbs: ["get", "list", "watch"] - apiGroups: - "" resources: @@ -86,3 +86,43 @@ rules: resources: - "customresourcedefinitions" verbs: ["get", "list", "watch", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kubedb-webhook-server.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-webhook-server.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/deployment.yaml similarity index 80% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/deployment.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/deployment.yaml index 6dd5fe8..1bad58f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/deployment.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/deployment.yaml @@ -61,16 +61,14 @@ spec: args: - run - --v={{ .Values.logLevel }} - - --secure-port={{ .Values.apiserver.port }} - - --audit-log-path=- - - --tls-cert-file=/var/serving-cert/tls.crt - - --tls-private-key-file=/var/serving-cert/tls.key + - --leader-elect=false + - --metrics-secure=true + - --metrics-bind-address=:8443 + - --health-probe-bind-address=:8081 + - --cert-dir=/var/serving-cert {{- with .Values.defaultSeccompProfileType }} - --default-seccomp-profile-type={{ . }} {{- end }} - - --enable-mutating-webhook={{ .Values.apiserver.enableMutatingWebhook }} - - --enable-validating-webhook={{ .Values.apiserver.enableValidatingWebhook }} - - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }} env: - name: POD_NAME valueFrom: @@ -81,10 +79,15 @@ spec: fieldRef: fieldPath: metadata.namespace ports: - - name: https - containerPort: {{ .Values.apiserver.port }} - - name: crd - containerPort: 9443 + - containerPort: 8081 + name: probes + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9443 + name: https + protocol: TCP volumeMounts: - mountPath: /tmp name: tmpdir @@ -94,16 +97,15 @@ spec: readinessProbe: httpGet: path: /healthz - port: operator - scheme: HTTPS - initialDelaySeconds: 5 + port: probes + initialDelaySeconds: 15 + periodSeconds: 20 livenessProbe: httpGet: path: /healthz - port: operator - scheme: HTTPS - initialDelaySeconds: 15 - timeoutSeconds: 15 + port: probes + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} resources: {{- toYaml .Values.server.resources | nindent 10 }} @@ -113,7 +115,7 @@ spec: - name: serving-cert secret: defaultMode: 420 - secretName: {{ include "kubedb-webhook-server.fullname" . }}-apiserver-cert + secretName: {{ include "kubedb-webhook-server.fullname" . }}-cert securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if or $tolerations $criticalAddon }} @@ -126,9 +128,17 @@ spec: operator: Exists {{- end -}} {{- end -}} - {{- with $affinity }} + {{- if $affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "kubedb-ops-manager.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" {{- end }} {{- with $nodeSelector }} nodeSelector: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/dashboard/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/elasticsearch/mutating-webhook.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/dashboard/mutating-webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/elasticsearch/mutating-webhook.yaml index 5dcf8a8..9c60bd6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/dashboard/mutating-webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/elasticsearch/mutating-webhook.yaml @@ -1,3 +1,5 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + {{ $featureGates := .Values.featureGates }} {{- if .Values.global }} {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} @@ -6,8 +8,6 @@ {{- if .Values.apiserver.enableMutatingWebhook }} {{- if list "kubedb-webhook-server" "kubedb-dashboard" | has .Values.server.repository }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -20,10 +20,11 @@ webhooks: - name: elasticsearchdashboardwebhook.mutators.elasticsearch.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.elasticsearch.kubedb.com/v1alpha1/elasticsearchdashboardwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-elasticsearch-kubedb-com-v1alpha1-elasticsearchdashboard + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["elasticsearch.kubedb.com"] apiVersions: ["*"] diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/dashboard/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/elasticsearch/validating-webhook.yaml similarity index 78% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/dashboard/validating-webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/elasticsearch/validating-webhook.yaml index 76bc338..de839ea 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/dashboard/validating-webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/elasticsearch/validating-webhook.yaml @@ -1,3 +1,5 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + {{ $featureGates := .Values.featureGates }} {{- if .Values.global }} {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} @@ -6,8 +8,6 @@ {{- if .Values.apiserver.enableValidatingWebhook }} {{- if list "kubedb-webhook-server" "kubedb-dashboard" | has .Values.server.repository }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -20,10 +20,11 @@ webhooks: - name: elasticsearchdashboardwebhook.validators.elasticsearch.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.elasticsearch.kubedb.com/v1alpha1/elasticsearchdashboardwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-elasticsearch-kubedb-com-v1alpha1-elasticsearchdashboard + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["elasticsearch.kubedb.com"] apiVersions: ["*"] diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/network-policy.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/network-policy.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/network-policy.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/network-policy.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/ops-manager/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/ops-manager/validating-webhook.yaml new file mode 100644 index 0000000..da7a233 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/ops-manager/validating-webhook.yaml @@ -0,0 +1,448 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{- if .Values.apiserver.enableValidatingWebhook }} +{{- if list "kubedb-webhook-server" "kubedb-ops-manager" | has .Values.server.repository }} + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validators.ops.kubedb.com + labels: + app.kubernetes.io/component: kubedb-ops-manager + {{- include "kubedb-webhook-server.labels" . | nindent 4 }} +webhooks: +{{- if $featureGates.Cassandra }} +- name: cassandraopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-cassandraopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["cassandraopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.ClickHouse }} +- name: clickhouseopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-clickhouseopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["clickhouseopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Druid }} +- name: druidopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-druidopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["druidopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Elasticsearch }} +- name: elasticsearchopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-elasticsearchopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["elasticsearchopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.FerretDB }} +- name: ferretdbopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-ferretdbopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["ferretdbopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Kafka }} +- name: kafkaopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-kafkaopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["kafkaopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MariaDB }} +- name: mariadbopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-mariadbopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["mariadbopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Memcached }} +- name: memcachedopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-memcachedopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["memcachedopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MongoDB }} +- name: mongodbopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-mongodbopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["mongodbopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MSSQLServer }} +- name: mssqlserveropsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-mssqlserveropsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["mssqlserveropsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MySQL }} +- name: mysqlopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-mysqlopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["mysqlopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.PerconaXtraDB }} +- name: perconaxtradbopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-perconaxtradbopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["perconaxtradbopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.PgBouncer }} +- name: pgbounceropsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-pgbounceropsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["pgbounceropsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Pgpool }} +- name: pgpoolopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-pgpoolopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["pgpoolopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Postgres }} +- name: postgresopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-postgresopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["postgresopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None + +- name: publisherwebhook.validators.postgres.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-postgres-kubedb-com-v1alpha1-publisher + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["postgres.kubedb.com"] + apiVersions: ["*"] + resources: ["publishers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +- name: subscriberwebhook.validators.postgres.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-postgres-kubedb-com-v1alpha1-subscriber + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["postgres.kubedb.com"] + apiVersions: ["*"] + resources: ["subscribers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.ProxySQL }} +- name: proxysqlopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-proxysqlopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["proxysqlopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.RabbitMQ }} +- name: rabbitmqopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-rabbitmqopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["rabbitmqopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Redis }} +- name: redisopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-redisopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["redisopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +- name: redissentinelopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-redissentinelopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["redissentinelopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Singlestore }} +- name: singlestoreopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-singlestoreopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["singlestoreopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Solr }} +- name: solropsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-solropsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["solropsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.ZooKeeper }} +- name: zookeeperopsrequestwebhook.validators.ops.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-ops-kubedb-com-v1alpha1-zookeeperopsrequest + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["ops.kubedb.com"] + apiVersions: ["*"] + resources: ["zookeeperopsrequests"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} + +{{- end }} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/pdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/pdb.yaml new file mode 100644 index 0000000..bb09d2d --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/pdb.yaml @@ -0,0 +1,15 @@ +{{- if gt (int .Values.replicaCount) 1 }} + +apiVersion: policy/v1 +kind: PodDisruptionBudget + name: {{ include "kubedb-webhook-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-webhook-server.labels" . | nindent 4 }} +spec: + minAvailable: 1 + selector: + matchLabels: + {{- include "kubedb-webhook-server.selectorLabels" . | nindent 6 }} + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/provisioner/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/provisioner/mutating-webhook.yaml similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/provisioner/mutating-webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/provisioner/mutating-webhook.yaml index 661de6e..47e4d25 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/provisioner/mutating-webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/provisioner/mutating-webhook.yaml @@ -8,8 +8,6 @@ {{- if .Values.apiserver.enableMutatingWebhook }} {{- if not (list "kubedb-autoscaler" "kubedb-dashboard" "kubedb-ops-manager" "kubedb-schema-manager" | has .Values.server.repository) }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -18,466 +16,483 @@ metadata: app.kubernetes.io/component: kubedb-provisioner {{- include "kubedb-webhook-server.labels" . | nindent 4 }} webhooks: -{{- if $featureGates.Elasticsearch }} -- name: elasticsearchwebhook.mutators.kubedb.com +{{- if $featureGates.Cassandra }} +- name: cassandrawebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-elasticsearch - port: 9443 + path: /mutate-kubedb-com-v1alpha2-cassandra + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["elasticsearches"] - operations: ["CREATE", "UPDATE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["*"] + resources: ["cassandras"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Postgres }} -- name: postgreswebhook.mutators.kubedb.com +{{- if $featureGates.ClickHouse }} +- name: clickhousewebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-postgres - port: 9443 + path: /mutate-kubedb-com-v1alpha2-clickhouse + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["postgreses"] - operations: ["CREATE", "UPDATE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["*"] + resources: ["clickhouses"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - matchPolicy: Equivalent sideEffects: None {{- end }} -{{- if $featureGates.FerretDB }} -- name: ferretdbwebhook.mutators.kubedb.com +{{- if $featureGates.Druid }} +- name: druidwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/ferretdbwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1alpha2-druid + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["*"] - resources: ["ferretdbs"] + resources: ["druids"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MySQL }} -- name: mysqlwebhook.mutators.kubedb.com +{{- if $featureGates.Elasticsearch }} +- name: elasticsearchwebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-mysql - port: 9443 + path: /mutate-kubedb-com-v1-elasticsearch + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["v1"] - resources: ["mysqls"] + resources: ["elasticsearches"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.PerconaXtraDB }} -- name: perconaxtradbwebhook.mutators.kubedb.com +{{- if $featureGates.Etcd }} +- name: etcdwebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-perconaxtradb - port: 9443 + path: /mutate-kubedb-com-v1-etcd + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["perconaxtradbs"] + apiVersions: ["*"] + resources: ["etcds"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MongoDB }} -- name: mongodbwebhook.mutators.kubedb.com +{{- if $featureGates.FerretDB }} +- name: ferretdbwebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-mongodb - port: 9443 + path: /mutate-kubedb-com-v1alpha2-ferretdb + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["mongodbs"] - operations: ["CREATE", "UPDATE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["*"] + resources: ["ferretdbs"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Redis }} -- name: rediswebhook.mutators.kubedb.com +{{- if $featureGates.Kafka }} +- name: kafkawebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-redis - port: 9443 + path: /mutate-kubedb-com-v1-kafka + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["redises"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "v1" ] + resources: [ "kafkas" ] + operations: [ "CREATE", "UPDATE" ] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: redissentinelwebhook.mutators.kubedb.com +- name: connectclusterwebhook.mutators.kafka.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-redissentinel - port: 9443 + path: /mutate-kafka-kubedb-com-v1alpha1-connectcluster + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["redissentinels"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "connectclusters" ] + operations: [ "CREATE", "UPDATE" ] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -{{- end }} -{{- if $featureGates.Memcached }} -- name: memcachedwebhook.mutators.kubedb.com +- name: connectorwebhook.mutators.kafka.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-memcached - port: 9443 + path: /mutate-kafka-kubedb-com-v1alpha1-connector + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["memcacheds"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "connectors" ] + operations: [ "CREATE", "UPDATE" ] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -{{- end }} -{{- if $featureGates.Etcd }} -- name: etcdwebhook.mutators.kubedb.com +- name: restproxywebhook.mutators.kafka.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/etcdwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kafka-kubedb-com-v1alpha1-restproxy + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["etcds"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "restproxies" ] + operations: [ "CREATE", "UPDATE" ] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -{{- end }} -{{- if $featureGates.PgBouncer }} -- name: pgbouncerwebhook.mutators.kubedb.com +- name: schemaregistrywebhook.mutators.kafka.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-pgbouncer - port: 9443 + path: /mutate-kafka-kubedb-com-v1alpha1-schemaregistry + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["pgbouncers"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "schemaregistries" ] + operations: [ "CREATE", "UPDATE" ] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.ProxySQL }} -- name: proxysqlwebhook.mutators.kubedb.com +{{- if $featureGates.MariaDB }} +- name: mariadbwebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-proxysql - port: 9443 + path: /mutate-kubedb-com-v1-mariadb + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["v1"] - resources: ["proxysqls"] + resources: ["mariadbs"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.ZooKeeper }} -- name: zookeeperwebhook.mutators.kubedb.com +{{- if $featureGates.Memcached }} +- name: memcachedwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/zookeeperwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-memcached + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["zookeepers"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["memcacheds"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MariaDB }} -- name: mariadbwebhook.mutators.kubedb.com +{{- if $featureGates.MongoDB }} +- name: mongodbwebhook.mutators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /mutate-kubedb-com-v1-mariadb - port: 9443 + path: /mutate-kubedb-com-v1-mongodb + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["v1"] - resources: ["mariadbs"] + resources: ["mongodbs"] operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Cassandra }} -- name: cassandrawebhook.mutators.kubedb.com +{{- if $featureGates.MSSQLServer }} +- name: mssqlserverwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/cassandrawebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1alpha2-mssqlserver + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["cassandras"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "mssqlservers" ] + operations: [ "CREATE", "UPDATE" ] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.ClickHouse }} -- name: clickhousewebhook.mutators.kubedb.com +{{- if $featureGates.MySQL }} +- name: mysqlwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/clickhousewebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-mysql + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["clickhouses"] - operations: ["CREATE", "UPDATE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["mysqls"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Druid }} -- name: druidwebhook.mutators.kubedb.com +{{- if $featureGates.PerconaXtraDB }} +- name: perconaxtradbwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/druidwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-perconaxtradb + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["druids"] - operations: ["CREATE", "UPDATE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["perconaxtradbs"] + operations: ["CREATE", "UPDATE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Kafka }} -- name: kafkawebhook.mutators.kubedb.com +{{- if $featureGates.PgBouncer }} +- name: pgbouncerwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/kafkawebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-pgbouncer + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kubedb.com" ] - apiVersions: [ "v1" ] - resources: [ "kafkas" ] - operations: [ "CREATE", "UPDATE" ] - admissionReviewVersions: [ "v1beta1" ] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["pgbouncers"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: connectclusterwebhook.mutators.kafka.kubedb.com +{{- end }} +{{- if $featureGates.Pgpool }} +- name: pgpoolwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kafka.kubedb.com/v1alpha1/connectclusterwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1alpha2-pgpool + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kafka.kubedb.com" ] + - apiGroups: [ "kubedb.com" ] apiVersions: [ "*" ] - resources: [ "connectclusters" ] + resources: [ "pgpools" ] operations: [ "CREATE", "UPDATE" ] admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: connectorwebhook.mutators.kafka.kubedb.com +{{- end }} +{{- if $featureGates.Postgres }} +- name: postgreswebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kafka.kubedb.com/v1alpha1/connectorwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-postgres + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kafka.kubedb.com" ] - apiVersions: [ "*" ] - resources: [ "connectors" ] - operations: [ "CREATE", "UPDATE" ] - admissionReviewVersions: [ "v1beta1" ] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["postgreses"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + matchPolicy: Equivalent sideEffects: None -- name: restproxywebhook.mutators.kafka.kubedb.com +{{- end }} +{{- if $featureGates.ProxySQL }} +- name: proxysqlwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kafka.kubedb.com/v1alpha1/restproxywebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-proxysql + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kafka.kubedb.com" ] - apiVersions: [ "*" ] - resources: [ "restproxies" ] - operations: [ "CREATE", "UPDATE" ] - admissionReviewVersions: [ "v1beta1" ] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["proxysqls"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: schemaregistrywebhook.mutators.kafka.kubedb.com +{{- end }} +{{- if $featureGates.RabbitMQ }} +- name: rabbitmqwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kafka.kubedb.com/v1alpha1/schemaregistrywebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1alpha2-rabbitmq + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kafka.kubedb.com" ] + - apiGroups: [ "kubedb.com" ] apiVersions: [ "*" ] - resources: [ "schemaregistries" ] + resources: [ "rabbitmqs" ] operations: [ "CREATE", "UPDATE" ] admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Singlestore }} -- name: singlestorewebhook.mutators.kubedb.com +{{- if $featureGates.Redis }} +- name: rediswebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/singlestorewebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-redis + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kubedb.com" ] - apiVersions: [ "*" ] - resources: [ "singlestores" ] - operations: [ "CREATE", "UPDATE" ] - admissionReviewVersions: [ "v1beta1" ] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["redises"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -{{- end }} -{{- if $featureGates.Solr }} -- name: solrwebhook.mutators.kubedb.com +- name: redissentinelwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/solrwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1-redissentinel + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kubedb.com" ] - apiVersions: [ "*" ] - resources: [ "solrs" ] - operations: [ "CREATE", "UPDATE" ] - admissionReviewVersions: [ "v1beta1" ] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["redissentinels"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.RabbitMQ }} -- name: rabbitmqwebhook.mutators.kubedb.com +{{- if $featureGates.Singlestore }} +- name: singlestorewebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/rabbitmqwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1alpha2-singlestore + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: [ "kubedb.com" ] apiVersions: [ "*" ] - resources: [ "rabbitmqs" ] + resources: [ "singlestores" ] operations: [ "CREATE", "UPDATE" ] admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Pgpool }} -- name: pgpoolwebhook.mutators.kubedb.com +{{- if $featureGates.Solr }} +- name: solrwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/pgpoolwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1alpha2-solr + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: [ "kubedb.com" ] apiVersions: [ "*" ] - resources: [ "pgpools" ] + resources: [ "solrs" ] operations: [ "CREATE", "UPDATE" ] admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MSSQLServer }} -- name: mssqlserverwebhook.mutators.kubedb.com +{{- if $featureGates.ZooKeeper }} +- name: zookeeperwebhook.mutators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/mssqlserverwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-kubedb-com-v1alpha2-zookeeper + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: [ "kubedb.com" ] - apiVersions: [ "*" ] - resources: [ "mssqlservers" ] - operations: [ "CREATE", "UPDATE" ] - admissionReviewVersions: [ "v1beta1" ] + - apiGroups: ["kubedb.com"] + apiVersions: ["*"] + resources: ["zookeepers"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} + {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/provisioner/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/provisioner/validating-webhook.yaml similarity index 70% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/provisioner/validating-webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/provisioner/validating-webhook.yaml index 243add6..6516523 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/provisioner/validating-webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/provisioner/validating-webhook.yaml @@ -8,8 +8,6 @@ {{- if .Values.apiserver.enableValidatingWebhook }} {{- if not (list "kubedb-autoscaler" "kubedb-dashboard" "kubedb-ops-manager" "kubedb-schema-manager" | has .Values.server.repository) }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -18,409 +16,424 @@ metadata: app.kubernetes.io/component: kubedb-provisioner {{- include "kubedb-webhook-server.labels" . | nindent 4 }} webhooks: -- name: namespacewebhook.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/namespacewebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: [""] - apiVersions: ["*"] - resources: ["namespaces"] - operations: ["DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: Ignore - sideEffects: None -{{- if $featureGates.Elasticsearch }} -- name: elasticsearchwebhook.validators.kubedb.com +{{- if $featureGates.Cassandra }} +- name: cassandrawebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-elasticsearch - port: 9443 + path: /validate-kubedb-com-v1alpha2-cassandra + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["elasticsearches"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["*"] + resources: ["cassandras"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Postgres }} -- name: postgreswebhook.validators.kubedb.com +{{- if $featureGates.ClickHouse }} +- name: clickhousewebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-postgres - port: 9443 + path: /validate-kubedb-com-v1alpha2-clickhouse + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["postgreses"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["*"] + resources: ["clickhouses"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None - matchPolicy: Equivalent {{- end }} -{{- if $featureGates.FerretDB }} -- name: ferretdbwebhook.validators.kubedb.com +{{- if $featureGates.Druid }} +- name: druidwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/ferretdbwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1alpha2-druid + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["*"] - resources: ["ferretdbs"] + resources: ["druids"] operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MySQL }} -- name: mysqlwebhook.validators.kubedb.com +{{- if $featureGates.Elasticsearch }} +- name: elasticsearchwebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-mysql - port: 9443 + path: /validate-kubedb-com-v1-elasticsearch + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["v1"] - resources: ["mysqls"] + resources: ["elasticsearches"] operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.PerconaXtraDB }} -- name: perconaxtradbwebhook.validators.kubedb.com +{{- if $featureGates.Etcd }} +- name: etcdwebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-perconaxtradb - port: 9443 + path: /validate-kubedb-com-v1-etcd + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["perconaxtradbs"] + apiVersions: ["*"] + resources: ["etcds"] operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MongoDB }} -- name: mongodbwebhook.validators.kubedb.com +{{- if $featureGates.FerretDB }} +- name: ferretdbwebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-mongodb - port: 9443 + path: /validate-kubedb-com-v1alpha2-ferretdb + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["mongodbs"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["*"] + resources: ["ferretdbs"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Redis }} -- name: rediswebhook.validators.kubedb.com +{{- if $featureGates.Kafka }} +- name: kafkawebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-redis - port: 9443 + path: /validate-kubedb-com-v1-kafka + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["redises"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "v1" ] + resources: [ "kafkas" ] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: redissentinelwebhook.validators.kubedb.com +- name: connectclusterwebhook.validators.kafka.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-redissentinel - port: 9443 + path: /validate-kafka-kubedb-com-v1alpha1-connectcluster + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["redissentinels"] - operations: ["CREATE", "UPDATE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "connectclusters" ] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -{{- end }} -{{- if $featureGates.Memcached }} -- name: memcachedwebhook.validators.kubedb.com +- name: connectorwebhook.validators.kafka.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-memcached - port: 9443 + path: /validate-kafka-kubedb-com-v1alpha1-connector + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["memcacheds"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "connectors" ] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -{{- end }} -{{- if $featureGates.Etcd }} -- name: etcdwebhook.validators.kubedb.com +- name: restproxywebhook.validators.kafka.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/etcdwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kafka-kubedb-com-v1alpha1-restproxy + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["etcds"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "restproxies" ] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: [ "v1beta1" ] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +- name: schemaregistrywebhook.validators.kafka.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kafka-kubedb-com-v1alpha1-schemaregistry + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: [ "kafka.kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "schemaregistries" ] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.PgBouncer }} -- name: pgbouncerwebhook.validators.kubedb.com +{{- if $featureGates.MariaDB }} +- name: mariadbwebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-pgbouncer - port: 9443 + path: /validate-kubedb-com-v1-mariadb + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["v1"] - resources: ["pgbouncers"] + resources: ["mariadbs"] operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.ProxySQL }} -- name: proxysqlwebhook.validators.kubedb.com +{{- if $featureGates.Memcached }} +- name: memcachedwebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-proxysql - port: 9443 + path: /validate-kubedb-com-v1-memcached + port: 443 caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["v1"] - resources: ["proxysqls"] + resources: ["memcacheds"] operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MariaDB }} -- name: mariadbwebhook.validators.kubedb.com +{{- if $featureGates.MongoDB }} +- name: mongodbwebhook.validators.kubedb.com clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ include "kubedb-webhook-server.fullname" . }} - path: /validate-kubedb-com-v1-mariadb - port: 9443 + path: /validate-kubedb-com-v1-mongodb + port: 443 caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["mariadbs"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["mongodbs"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.ZooKeeper }} -- name: zookeeperwebhook.validators.kubedb.com +{{- if $featureGates.MSSQLServer }} +- name: mssqlserverwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/zookeeperwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1alpha2-mssqlserver + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["zookeepers"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "mssqlservers" ] operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.RabbitMQ }} -- name: rabbitmqwebhook.validators.kubedb.com +{{- if $featureGates.MySQL }} +- name: mysqlwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/rabbitmqwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1-mysql + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["rabbitmqs"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["mysqls"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Druid }} -- name: druidwebhook.validators.kubedb.com +{{- if $featureGates.PerconaXtraDB }} +- name: perconaxtradbwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/druidwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1-perconaxtradb + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["druids"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["perconaxtradbs"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Cassandra }} -- name: cassandrawebhook.validators.kubedb.com +{{- if $featureGates.PgBouncer }} +- name: pgbouncerwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/cassandrawebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1-pgbouncer + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["cassandras"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["pgbouncers"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.ClickHouse }} -- name: clickhousewebhook.validators.kubedb.com +{{- if $featureGates.Pgpool }} +- name: pgpoolwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/clickhousewebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1alpha2-pgpool + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["clickhouses"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "pgpools" ] operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.Kafka }} -- name: kafkawebhook.validators.kubedb.com +{{- if $featureGates.Postgres }} +- name: postgreswebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/kafkawebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1-postgres + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["v1"] - resources: ["kafkas"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["postgreses"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + matchPolicy: Equivalent sideEffects: None -- name: connectclusterwebhook.validators.kafka.kubedb.com +{{- end }} +{{- if $featureGates.ProxySQL }} +- name: proxysqlwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kafka.kubedb.com/v1alpha1/connectclusterwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1-proxysql + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kafka.kubedb.com"] - apiVersions: ["*"] - resources: ["connectclusters"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["proxysqls"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: connectorwebhook.validators.kafka.kubedb.com +{{- end }} +{{- if $featureGates.RabbitMQ }} +- name: rabbitmqwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kafka.kubedb.com/v1alpha1/connectorwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1alpha2-rabbitmq + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kafka.kubedb.com"] - apiVersions: ["*"] - resources: ["connectors"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "rabbitmqs" ] operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: restproxywebhook.validators.kafka.kubedb.com +{{- end }} +{{- if $featureGates.Redis }} +- name: rediswebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kafka.kubedb.com/v1alpha1/restproxywebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1-redis + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kafka.kubedb.com"] - apiVersions: ["*"] - resources: ["restproxies"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["redises"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None -- name: schemaregistrywebhook.validators.kafka.kubedb.com +- name: redissentinelwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kafka.kubedb.com/v1alpha1/schemaregistrywebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1-redissentinel + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kafka.kubedb.com"] - apiVersions: ["*"] - resources: ["schemaregistries"] + - apiGroups: ["kubedb.com"] + apiVersions: ["v1"] + resources: ["redissentinels"] operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} @@ -430,16 +443,17 @@ webhooks: - name: singlestorewebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/singlestorewebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1alpha2-singlestore + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["singlestores"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "singlestores" ] operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} @@ -447,52 +461,38 @@ webhooks: - name: solrwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/solrwebhooks - caBundle: {{ $caCrt }} - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["solrs"] - operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] - failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} - sideEffects: None -{{- end }} -{{- if $featureGates.Pgpool }} -- name: pgpoolwebhook.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/pgpoolwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1alpha2-solr + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["pgpools"] + - apiGroups: [ "kubedb.com" ] + apiVersions: [ "*" ] + resources: [ "solrs" ] operations: ["CREATE", "UPDATE", "DELETE"] - admissionReviewVersions: ["v1beta1"] + admissionReviewVersions: [ "v1beta1" ] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} -{{- if $featureGates.MSSQLServer }} -- name: mssqlserverwebhook.validators.kubedb.com +{{- if $featureGates.ZooKeeper }} +- name: zookeeperwebhook.validators.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/mssqlserverwebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-kubedb-com-v1alpha2-zookeeper + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["kubedb.com"] apiVersions: ["*"] - resources: ["mssqlservers"] + resources: ["zookeepers"] operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} + {{- end }} {{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/schema-manager/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/schema-manager/mutating-webhook.yaml new file mode 100644 index 0000000..37cecd9 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/schema-manager/mutating-webhook.yaml @@ -0,0 +1,92 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + +{{ $featureGates := .Values.featureGates }} +{{- if .Values.global }} + {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} +{{- end }} + +{{- if .Values.apiserver.enableMutatingWebhook }} +{{- if list "kubedb-webhook-server" "kubedb-schema-manager" | has .Values.server.repository }} + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: mutators.schema.kubedb.com + labels: + app.kubernetes.io/component: kubedb-schema-manager + {{- include "kubedb-webhook-server.labels" . | nindent 4 }} +webhooks: +{{- if $featureGates.MariaDB }} +- name: mariadbdatabasewebhook.mutators.schema.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-schema-kubedb-com-v1alpha1-mariadbdatabase + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["schema.kubedb.com"] + apiVersions: ["*"] + resources: ["mariadbdatabases"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MongoDB }} +- name: mongodbdatabasewebhook.mutators.schema.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-schema-kubedb-com-v1alpha1-mongodbdatabase + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["schema.kubedb.com"] + apiVersions: ["*"] + resources: ["mongodbdatabases"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.MySQL }} +- name: mysqldatabasewebhook.mutators.schema.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-schema-kubedb-com-v1alpha1-mysqldatabase + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["schema.kubedb.com"] + apiVersions: ["*"] + resources: ["mysqldatabases"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- if $featureGates.Postgres }} +- name: postgresdatabasewebhook.mutators.schema.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /mutate-schema-kubedb-com-v1alpha1-postgresdatabase + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["schema.kubedb.com"] + apiVersions: ["*"] + resources: ["postgresdatabases"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} +{{- end }} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/schema-manager/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/schema-manager/validating-webhook.yaml similarity index 53% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/schema-manager/validating-webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/schema-manager/validating-webhook.yaml index 4ec9754..7f31358 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/schema-manager/validating-webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/schema-manager/validating-webhook.yaml @@ -1,3 +1,5 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + {{ $featureGates := .Values.featureGates }} {{- if .Values.global }} {{ $featureGates = mergeOverwrite dict .Values.featureGates .Values.global.featureGates }} @@ -6,8 +8,6 @@ {{- if .Values.apiserver.enableValidatingWebhook }} {{- if list "kubedb-webhook-server" "kubedb-schema-manager" | has .Values.server.repository }} -{{- $caCrt := dig "data" "ca.crt" "unknown" (lookup "v1" "ConfigMap" .Release.Namespace "kube-root-ca.crt") | b64enc }} - apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -16,19 +16,20 @@ metadata: app.kubernetes.io/component: kubedb-schema-manager {{- include "kubedb-webhook-server.labels" . | nindent 4 }} webhooks: -{{- if $featureGates.MySQL }} -- name: mysqldatabasewebhook.validators.schema.kubedb.com +{{- if $featureGates.MariaDB }} +- name: mariadbdatabasewebhook.validators.schema.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.schema.kubedb.com/v1alpha1/mysqldatabasewebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-schema-kubedb-com-v1alpha1-mariadbdatabase + port: 443 + caBundle: {{ $._caCrt }} rules: - - apiGroups: ["schema.kubedb.com"] - apiVersions: ["*"] - resources: ["mysqldatabases"] - operations: ["CREATE", "UPDATE", "DELETE"] + - apiGroups: ["schema.kubedb.com"] + apiVersions: ["*"] + resources: ["mariadbdatabases"] + operations: ["CREATE", "UPDATE", "DELETE"] admissionReviewVersions: ["v1beta1"] failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None @@ -37,10 +38,11 @@ webhooks: - name: mongodbdatabasewebhook.validators.schema.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.schema.kubedb.com/v1alpha1/mongodbdatabasewebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-schema-kubedb-com-v1alpha1-mongodbdatabase + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["schema.kubedb.com"] apiVersions: ["*"] @@ -50,14 +52,33 @@ webhooks: failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} sideEffects: None {{- end }} +{{- if $featureGates.MySQL }} +- name: mysqldatabasewebhook.validators.schema.kubedb.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-schema-kubedb-com-v1alpha1-mysqldatabase + port: 443 + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["schema.kubedb.com"] + apiVersions: ["*"] + resources: ["mysqldatabases"] + operations: ["CREATE", "UPDATE", "DELETE"] + admissionReviewVersions: ["v1beta1"] + failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }} + sideEffects: None +{{- end }} {{- if $featureGates.Postgres }} - name: postgresdatabasewebhook.validators.schema.kubedb.com clientConfig: service: - namespace: default - name: kubernetes - path: /apis/validators.schema.kubedb.com/v1alpha1/postgresdatabasewebhooks - caBundle: {{ $caCrt }} + namespace: {{ .Release.Namespace }} + name: {{ include "kubedb-webhook-server.fullname" . }} + path: /validate-schema-kubedb-com-v1alpha1-postgresdatabase + port: 443 + caBundle: {{ $._caCrt }} rules: - apiGroups: ["schema.kubedb.com"] apiVersions: ["*"] diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/secret.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/secret.yaml new file mode 100644 index 0000000..946a0e4 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/secret.yaml @@ -0,0 +1,14 @@ +{{ template "kubedb-webhook-server.prepare-certs" $ }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "kubedb-webhook-server.fullname" . }}-cert + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubedb-webhook-server.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + ca.crt: {{ $._caCrt }} + tls.crt: {{ $._serverCrt }} + tls.key: {{ $._serverKey }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/service.yaml similarity index 80% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/service.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/service.yaml index 76dcbeb..fb282d0 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/service.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/service.yaml @@ -9,17 +9,19 @@ metadata: annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" - prometheus.io/port: {{ .Values.apiserver.port | quote }} + prometheus.io/port: "8443" prometheus.io/scheme: "https" {{- end }} spec: publishNotReadyAddresses: true ports: - - name: api + - name: https port: 443 + protocol: TCP targetPort: https - - name: crd - port: 9443 - targetPort: crd + - name: metrics + port: 8443 + protocol: TCP + targetPort: metrics selector: {{- include "kubedb-webhook-server.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/servicemonitor.yaml similarity index 71% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/servicemonitor.yaml index fcf72d3..d0b1c5c 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/templates/servicemonitor.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/templates/servicemonitor.yaml @@ -18,13 +18,22 @@ spec: matchLabels: {{- include "kubedb-webhook-server.selectorLabels" . | nindent 6 }} endpoints: - - port: api - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + path: /metrics + port: metrics scheme: https tlsConfig: ca: secret: - name: {{ include "kubedb-webhook-server.fullname" . }}-apiserver-cert + name: {{ include "kubedb-webhook-server.fullname" . }}-cert key: ca.crt + cert: + secret: + name: {{ include "kubedb-webhook-server.fullname" . }}-cert + key: tls.crt + insecureSkipVerify: false + keySecret: + name: {{ include "kubedb-webhook-server.fullname" . }}-cert + key: tls.key serverName: "{{ include "kubedb-webhook-server.fullname" . }}.{{ .Release.Namespace }}.svc" {{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/values.openapiv3_schema.yaml new file mode 100644 index 0000000..b432636 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/values.openapiv3_schema.yaml @@ -0,0 +1,2149 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + ca: + type: string + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + groupPriorityMinimum: + format: int32 + type: integer + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + useKubeapiserverFqdnForAks: + type: boolean + versionPriority: + format: int32 + type: integer + webhook: + properties: + failurePolicy: + type: string + required: + - failurePolicy + type: object + required: + - ca + - enableMutatingWebhook + - enableValidatingWebhook + - groupPriorityMinimum + - healthcheck + - servingCerts + - useKubeapiserverFqdnForAks + - versionPriority + - webhook + type: object + criticalAddon: + type: boolean + defaultSeccompProfileType: + type: string + featureGates: + additionalProperties: + type: boolean + type: object + fullnameOverride: + type: string + hostNetwork: + type: boolean + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + server: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array +required: +- apiserver +- featureGates +- hostNetwork +- imagePullPolicy +- monitoring +- registryFQDN +- replicaCount +- server +- serviceAccount +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/values.yaml similarity index 98% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/values.yaml index b18b321..d2e84c5 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-webhook-server/values.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/kubedb-webhook-server/values.yaml @@ -114,8 +114,6 @@ apiserver: healthcheck: # healthcheck configures the readiness and liveliness probes for the webhook server pod. enabled: false - # Port used to expose the webhook server apiserver - port: 8443 servingCerts: # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) # to authenticate webhook servers pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/Chart.yaml new file mode 100644 index 0000000..ad4a766 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +appVersion: v0.0.3 +description: A Helm chart for OpenShift +home: https://github.com/appscode-cloud +icon: https://cdn.appscode.com/images/products/bytebuilders/icons/android-icon-192x192.png +maintainers: +- email: support@appscode.com + name: appscode +name: operator-shard-manager +sources: +- https://github.com/appscode-cloud +type: application +version: v2025.3.14 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/README.md new file mode 100644 index 0000000..24acd31 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/README.md @@ -0,0 +1,96 @@ +# Operator Shard Manager + +[Operator Shard Manager by AppsCode](https://github.com/appscode-cloud) - Operator Shard Manager + +## TL;DR; + +```bash +$ helm repo add appscode https://charts.appscode.com/stable +$ helm repo update +$ helm search repo appscode/operator-shard-manager --version=v2025.3.14 +$ helm upgrade -i operator-shard-manager appscode/operator-shard-manager -n ace --create-namespace --version=v2025.3.14 +``` + +## Introduction + +This chart deploys a Operator Shard Manager on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.21+ + +## Installing the Chart + +To install/upgrade the chart with the release name `operator-shard-manager`: + +```bash +$ helm upgrade -i operator-shard-manager appscode/operator-shard-manager -n ace --create-namespace --version=v2025.3.14 +``` + +The command deploys a Operator Shard Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall the `operator-shard-manager`: + +```bash +$ helm uninstall operator-shard-manager -n ace +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the `operator-shard-manager` chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| nameOverride | Overrides name template | "" | +| fullnameOverride | Overrides fullname template | "" | +| replicaCount | | 1 | +| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | +| image.registry | Docker registry used to pull operator image | appscode | +| image.repository | Name of operator container image | operator-shard-manager | +| image.tag | Overrides the image tag whose default is the chart appVersion. | "" | +| image.resources | Compute Resources required by the operator container | {} | +| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | +| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/supervisor \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | +| imagePullPolicy | Container image pull policy | IfNotPresent | +| criticalAddon | If true, installs shard manager as critical addon | false | +| logLevel | Log level for operator | 3 | +| annotations | Annotations applied to operator deployment | {} | +| podAnnotations | Annotations passed to operator pod(s). | {} | +| podLabels | Labels passed to operator pod(s) | {} | +| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | +| podSecurityContext | | {} | +| tolerations | | [] | +| affinity | | {} | +| serviceAccount.create | Specifies whether a service account should be created | true | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | +| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for shard manager CRDs | false | +| apiserver.enableValidatingWebhook | If true, validating webhook is configured for shard manager CRDs | false | +| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | +| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | +| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | +| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | +| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | +| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | "" | +| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {} | +| networkPolicy.enabled | | false | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: + +```bash +$ helm upgrade -i operator-shard-manager appscode/operator-shard-manager -n ace --create-namespace --version=v2025.3.14 --set replicaCount=1 +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. For example: + +```bash +$ helm upgrade -i operator-shard-manager appscode/operator-shard-manager -n ace --create-namespace --version=v2025.3.14 --values values.yaml +``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/crds/operator.k8s.appscode.com_shardconfigurations.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/crds/operator.k8s.appscode.com_shardconfigurations.yaml new file mode 100644 index 0000000..60be647 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/crds/operator.k8s.appscode.com_shardconfigurations.yaml @@ -0,0 +1,114 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: shardconfigurations.operator.k8s.appscode.com +spec: + group: operator.k8s.appscode.com + names: + kind: ShardConfiguration + listKind: ShardConfigurationList + plural: shardconfigurations + singular: shardconfiguration + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + controllers: + items: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - name + type: object + minItems: 1 + type: array + resources: + items: + properties: + apiGroup: + type: string + kind: + type: string + type: object + minItems: 1 + type: array + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + observedGeneration: + format: int64 + type: integer + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + maxItems: 12 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllers: + items: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + pods: + items: + type: string + type: array + required: + - name + type: object + type: array + phase: + enum: + - Pending + - Current + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/doc.yaml new file mode 100644 index 0000000..15879dd --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/doc.yaml @@ -0,0 +1,18 @@ +project: + name: Operator Shard Manager by AppsCode + shortName: Operator Shard Manager + url: https://github.com/appscode-cloud + description: Operator Shard Manager + app: a Operator Shard Manager +repository: + url: https://charts.appscode.com/stable + name: appscode +chart: + name: operator-shard-manager + values: -- generate from values file -- + valuesExample: -- generate from values file -- +prerequisites: +- Kubernetes 1.21+ +release: + name: operator-shard-manager + namespace: ace diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/NOTES.txt new file mode 100644 index 0000000..d8d4628 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that Operator Shard Manager has started, run: + + kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "operator-shard-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/_helpers.tpl new file mode 100644 index 0000000..884ef07 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/_helpers.tpl @@ -0,0 +1,137 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "operator-shard-manager.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "operator-shard-manager.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "operator-shard-manager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "operator-shard-manager.labels" -}} +helm.sh/chart: {{ include "operator-shard-manager.chart" . }} +{{ include "operator-shard-manager.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "operator-shard-manager.selectorLabels" -}} +app.kubernetes.io/name: {{ include "operator-shard-manager.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "operator-shard-manager.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "operator-shard-manager.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Returns the appscode license +*/}} +{{- define "appscode.license" -}} +{{- .Values.license }} +{{- end }} + +{{/* +Returns the registry used for operator docker image +*/}} +{{- define "image.registry" -}} +{{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }} +{{- end }} + +{{- define "appscode.imagePullSecrets" -}} +{{- with .Values.imagePullSecrets -}} +imagePullSecrets: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} + +{{/* +Returns the enabled monitoring agent name +*/}} +{{- define "monitoring.agent" -}} +{{- .Values.monitoring.agent }} +{{- end }} + +{{/* +Returns whether the ServiceMonitor will be labeled with custom label +*/}} +{{- define "monitoring.apply-servicemonitor-label" -}} +{{- ternary "false" "true" ( empty .Values.monitoring.serviceMonitor.labels ) -}} +{{- end }} + +{{/* +Returns the ServiceMonitor labels +*/}} +{{- define "monitoring.servicemonitor-label" -}} +{{- range $key, $val := .Values.monitoring.serviceMonitor.labels }} +{{ $key }}: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Prepare certs +*/}} +{{- define "operator-shard-manager.prepare-certs" -}} +{{- if not ._caCrt }} +{{- $caCrt := "" }} +{{- $serverCrt := "" }} +{{- $serverKey := "" }} +{{- if .Values.apiserver.servingCerts.generate }} +{{- $ca := genCA "ca" 3650 }} +{{- $cn := include "operator-shard-manager.fullname" . -}} +{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} +{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} +{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} +{{- $caCrt = b64enc $ca.Cert }} +{{- $serverCrt = b64enc $server.Cert }} +{{- $serverKey = b64enc $server.Key }} +{{- else }} +{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }} +{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} +{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} +{{- end }} + +{{ $_ := set $ "_caCrt" $caCrt }} +{{ $_ := set $ "_serverCrt" $serverCrt }} +{{ $_ := set $ "_serverKey" $serverKey }} + +{{- end }} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..a302210 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/cluster-role-binding.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "operator-shard-manager.fullname" . }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "operator-shard-manager.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "operator-shard-manager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "operator-shard-manager.fullname" . }}-auth-delegator + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ include "operator-shard-manager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "operator-shard-manager.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "operator-shard-manager.fullname" . }}:leader-election +subjects: +- kind: ServiceAccount + name: {{ include "operator-shard-manager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/cluster-role.yaml new file mode 100644 index 0000000..80e7de1 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/cluster-role.yaml @@ -0,0 +1,58 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "operator-shard-manager.fullname" . }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +rules: +- apiGroups: + - "*" + resources: + - "*" + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "operator-shard-manager.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/deployment.yaml new file mode 100644 index 0000000..1595d5d --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/deployment.yaml @@ -0,0 +1,141 @@ +{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }} +{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }} +{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}} + +{{- $nodeSelector := .Values.nodeSelector }} +{{- if .Values.global }} + {{ $nodeSelector = default .Values.nodeSelector .Values.global.nodeSelector }} +{{- end }} + +{{- $tolerations := .Values.tolerations }} +{{- if .Values.global }} + {{ $tolerations = default .Values.tolerations .Values.global.tolerations }} +{{- end }} + +{{- $affinity := .Values.affinity }} +{{- if .Values.global }} + {{ $affinity = default .Values.affinity .Values.global.affinity }} +{{- end }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "operator-shard-manager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "operator-shard-manager.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "operator-shard-manager.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + reload: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if $criticalAddon }} + scheduler.alpha.kubernetes.io/critical-pod: '' + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "appscode.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "operator-shard-manager.serviceAccountName" . }} + containers: + - name: operator + securityContext: + {{- toYaml .Values.image.securityContext | nindent 10 }} + image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - run + - --v={{ .Values.logLevel }} + - --leader-elect={{ gt (int .Values.replicaCount) 1 }} + - --metrics-secure=true + - --metrics-bind-address=:8443 + - --health-probe-bind-address=:8081 + - --cert-dir=/var/serving-cert + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - containerPort: 8081 + name: probes + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9443 + name: https + protocol: TCP + {{- if .Values.apiserver.healthcheck.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: probes + initialDelaySeconds: 15 + periodSeconds: 20 + livenessProbe: + httpGet: + path: /healthz + port: probes + initialDelaySeconds: 5 + periodSeconds: 10 + {{- end }} + resources: + {{- toYaml .Values.image.resources | nindent 10 }} + volumeMounts: + - mountPath: /var/serving-cert + name: serving-cert + volumes: + - name: serving-cert + secret: + defaultMode: 420 + secretName: {{ include "operator-shard-manager.fullname" . }}-cert + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if or $tolerations $criticalAddon }} + tolerations: + {{- with $tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if $criticalAddon }} + - key: CriticalAddonsOnly + operator: Exists + {{- end -}} + {{- end -}} + {{- if $affinity }} + affinity: + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "operator-shard-manager.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + {{- with $nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if $criticalAddon }} + priorityClassName: system-cluster-critical + {{- end -}} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/network-policy.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/network-policy.yaml similarity index 56% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/network-policy.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/network-policy.yaml index 83f0feb..50b3e3a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/network-policy.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/network-policy.yaml @@ -2,14 +2,14 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: {{ include "petset.fullname" . }}-ingress + name: {{ include "operator-shard-manager.fullname" . }}-egress namespace: {{ .Release.Namespace }} spec: podSelector: matchLabels: - {{- include "petset.selectorLabels" . | nindent 6 }} - ingress: + {{- include "operator-shard-manager.selectorLabels" . | nindent 6 }} + egress: - {} policyTypes: - - Ingress + - Egress {{- end }} \ No newline at end of file diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/pdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/pdb.yaml new file mode 100644 index 0000000..3cc1440 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/pdb.yaml @@ -0,0 +1,15 @@ +{{- if gt (int .Values.replicaCount) 1 }} + +apiVersion: policy/v1 +kind: PodDisruptionBudget + name: {{ include "operator-shard-manager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +spec: + minAvailable: 1 + selector: + matchLabels: + {{- include "operator-shard-manager.selectorLabels" . | nindent 6 }} + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/secret.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/secret.yaml new file mode 100644 index 0000000..8969ce0 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/secret.yaml @@ -0,0 +1,14 @@ +{{ template "operator-shard-manager.prepare-certs" $ }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "operator-shard-manager.fullname" . }}-cert + namespace: {{ .Release.Namespace }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + ca.crt: {{ $._caCrt }} + tls.crt: {{ $._serverCrt }} + tls.key: {{ $._serverKey }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/service.yaml new file mode 100644 index 0000000..2304e2c --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/service.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "operator-shard-manager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} +{{- if eq "prometheus.io/builtin" ( include "monitoring.agent" . ) }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8443" + prometheus.io/scheme: "https" +{{- end }} +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + - name: metrics + port: 8443 + protocol: TCP + targetPort: metrics + selector: + {{- include "operator-shard-manager.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/serviceaccount.yaml new file mode 100644 index 0000000..0f8286f --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "operator-shard-manager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "operator-shard-manager.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/servicemonitor.yaml new file mode 100644 index 0000000..74a7c48 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if eq "prometheus.io/operator" ( include "monitoring.agent" . ) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "operator-shard-manager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- if eq "true" ( include "monitoring.apply-servicemonitor-label" . ) }} + {{- include "monitoring.servicemonitor-label" . | nindent 4 }} + {{- else }} + {{- include "operator-shard-manager.selectorLabels" . | nindent 4 }} + {{- end }} +spec: + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "operator-shard-manager.selectorLabels" . | nindent 6 }} + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + path: /metrics + port: metrics + scheme: https + tlsConfig: + ca: + secret: + name: {{ include "operator-shard-manager.fullname" . }}-cert + key: ca.crt + cert: + secret: + name: {{ include "operator-shard-manager.fullname" . }}-cert + key: tls.crt + insecureSkipVerify: false + keySecret: + name: {{ include "operator-shard-manager.fullname" . }}-cert + key: tls.key + serverName: "{{ include "operator-shard-manager.fullname" . }}.{{ .Release.Namespace }}.svc" +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/user-roles.yaml new file mode 100644 index 0000000..026675a --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/templates/user-roles.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:operator-shard-manager:admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation +rules: +- apiGroups: + - operator.k8s.appscode.com + resources: + - shardconfigurations + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:operator-shard-manager:edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation +rules: +- apiGroups: + - operator.k8s.appscode.com + resources: + - shardconfigurations + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appscode:operator-shard-manager:view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation +rules: +- apiGroups: + - operator.k8s.appscode.com + resources: + - shardconfigurations + verbs: ["get", "list", "watch"] diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/values.openapiv3_schema.yaml new file mode 100644 index 0000000..afdae68 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/values.openapiv3_schema.yaml @@ -0,0 +1,2127 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + required: + - enableMutatingWebhook + - enableValidatingWebhook + - healthcheck + - servingCerts + type: object + criticalAddon: + type: boolean + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + networkPolicy: + properties: + enabled: + type: boolean + required: + - enabled + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array +required: +- apiserver +- image +- imagePullPolicy +- monitoring +- registryFQDN +- replicaCount +- serviceAccount +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/values.yaml new file mode 100644 index 0000000..7485074 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/operator-shard-manager/values.yaml @@ -0,0 +1,103 @@ +# Default values for sidekick. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Overrides name template +nameOverride: "" +# Overrides fullname template +fullnameOverride: "" + +replicaCount: 1 + +# Docker registry fqdn used to pull docker images +# Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} +registryFQDN: ghcr.io +image: + # Docker registry used to pull operator image + registry: appscode + # Name of operator container image + repository: operator-shard-manager + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # Compute Resources required by the operator container + resources: {} + # Security options this container should run with + securityContext: # +doc-gen:break + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + +# Specify an array of imagePullSecrets. +# Secrets must be manually created in the namespace. +# +# Example: +# helm template charts/supervisor \ +# --set imagePullSecrets[0].name=sec0 \ +# --set imagePullSecrets[1].name=sec1 +imagePullSecrets: [] +# Container image pull policy +imagePullPolicy: IfNotPresent +# If true, installs shard manager as critical addon +criticalAddon: false +# Log level for operator +logLevel: 3 +# Annotations applied to operator deployment +annotations: {} +# Annotations passed to operator pod(s). +podAnnotations: {} +# Labels passed to operator pod(s) +podLabels: {} +# Node labels for pod assignment +nodeSelector: # +doc-gen:break + kubernetes.io/os: linux + +podSecurityContext: {} + # fsGroup: 2000 + +tolerations: [] + +affinity: {} + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +apiserver: + # If true, mutating webhook is configured for shard manager CRDs + enableMutatingWebhook: false + # If true, validating webhook is configured for shard manager CRDs + enableValidatingWebhook: false + healthcheck: + # If true, enables the readiness and liveliness probes for the operator pod. + enabled: false + servingCerts: + # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) + # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. + generate: true + # CA certficate used by serving certificate of webhook server. + caCrt: "" + # Serving certficate used by webhook server. + serverCrt: "" + # Private key for the serving certificate used by webhook server. + serverKey: "" +monitoring: + # Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") + agent: "" + serviceMonitor: + # Specify the labels for ServiceMonitor. + # Prometheus crd will select ServiceMonitor using these labels. + # Only usable when monitoring agent is `prometheus.io/operator`. + labels: {} + +networkPolicy: + enabled: false diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/Chart.yaml similarity index 86% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/Chart.yaml index 8a43228..335d06a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v0.0.7 +appVersion: v0.0.10 description: Petset Operator by AppsCode home: https://kubedb.com/ icon: https://cdn.appscode.com/images/products/stash/petset-icon.png @@ -9,4 +9,4 @@ maintainers: name: petset sources: - https://github.com/stashed -version: v2024.9.30 +version: v2025.3.14 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/README.md new file mode 100644 index 0000000..6767785 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/README.md @@ -0,0 +1,96 @@ +# Petset Operator + +[Petset Operator by AppsCode](https://github.com/kubeops/petset) - Petset Operator by AppsCode + +## TL;DR; + +```bash +$ helm repo add appscode https://charts.appscode.com/stable/ +$ helm repo update +$ helm search repo appscode/petset --version=v2025.3.14 +$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2025.3.14 +``` + +## Introduction + +This chart deploys Petset operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.21+ + +## Installing the Chart + +To install/upgrade the chart with the release name `petset`: + +```bash +$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2025.3.14 +``` + +The command deploys Petset operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall the `petset`: + +```bash +$ helm uninstall petset -n kubeops +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the `petset` chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| nameOverride | Overrides name template | "" | +| fullnameOverride | Overrides fullname template | "" | +| replicaCount | Number of stash operator replicas to create (only 1 is supported) | 1 | +| registryFQDN | Docker registry fqdn used to pull Stash related images. Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | +| image.registry | Docker registry used to pull operator image | appscode | +| image.repository | Name of operator container image | petset | +| image.tag | Operator container image tag | "" | +| image.resources | Compute Resources required by the operator container | {"requests":{"cpu":"100m"}} | +| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | +| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/petset \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | +| imagePullPolicy | Container image pull policy | IfNotPresent | +| criticalAddon | If true, installs petset as critical addon | false | +| logLevel | Log level for operator | 3 | +| annotations | Annotations applied to operator deployment | {} | +| podAnnotations | Annotations passed to operator pod(s). | {} | +| podLabels | Labels passed to operator pod(s) | {} | +| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | +| tolerations | Tolerations for pod assignment | [] | +| affinity | Affinity rules for pod assignment | {} | +| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} | +| serviceAccount.create | Specifies whether a service account should be created | true | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | +| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for petset CRDs | true | +| apiserver.enableValidatingWebhook | If true, validating webhook is configured for petset CRDs | true | +| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | +| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | +| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | +| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | +| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | +| monitoring.agent | Name of monitoring agent (either "prometheus.io/operator" or "prometheus.io/builtin") | "none" | +| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {} | +| networkPolicy.enabled | | false | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: + +```bash +$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2025.3.14 --set replicaCount=1 +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. For example: + +```bash +$ helm upgrade -i petset appscode/petset -n kubeops --create-namespace --version=v2025.3.14 --values values.yaml +``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/crds/apps.k8s.appscode.com_petsets.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/crds/apps.k8s.appscode.com_petsets.yaml similarity index 98% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/crds/apps.k8s.appscode.com_petsets.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/crds/apps.k8s.appscode.com_petsets.yaml index 4686389..67208d8 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/crds/apps.k8s.appscode.com_petsets.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/crds/apps.k8s.appscode.com_petsets.yaml @@ -803,6 +803,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -909,6 +910,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -990,6 +992,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1107,6 +1111,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1508,6 +1513,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1614,6 +1620,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1695,6 +1702,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1812,6 +1821,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2227,6 +2237,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2333,6 +2344,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2414,6 +2426,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -2531,6 +2545,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2695,13 +2710,10 @@ spec: properties: name: type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string required: - name type: object @@ -2709,6 +2721,39 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object restartPolicy: type: string runtimeClassName: @@ -2751,6 +2796,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -2777,6 +2824,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2916,10 +2965,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -3296,6 +3347,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -3309,6 +3367,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3557,6 +3616,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3564,6 +3624,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3575,6 +3636,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3583,6 +3645,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3600,6 +3663,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/crds/apps.k8s.appscode.com_placementpolicies.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/crds/apps.k8s.appscode.com_placementpolicies.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/crds/apps.k8s.appscode.com_placementpolicies.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/crds/apps.k8s.appscode.com_placementpolicies.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/NOTES.txt similarity index 80% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/NOTES.txt index 6eed88c..613d21a 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/NOTES.txt +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/NOTES.txt @@ -1,3 +1,3 @@ -To verify that Stash has started, run: +To verify that Petset has started, run: kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "petset.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/_helpers.tpl similarity index 60% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/_helpers.tpl index 45a40d6..0872e69 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/_helpers.tpl +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/_helpers.tpl @@ -3,8 +3,8 @@ Expand the name of the chart. */}} {{- define "petset.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. @@ -12,24 +12,24 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "petset.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "petset.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Common labels @@ -41,7 +41,7 @@ helm.sh/chart: {{ include "petset.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} +{{- end }} {{/* Selector labels @@ -49,67 +49,63 @@ Selector labels {{- define "petset.selectorLabels" -}} app.kubernetes.io/name: {{ include "petset.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- with .Values.podLabels }} -{{- toYaml . | nindent 0 }} -{{- end -}} -{{- end -}} +{{- end }} {{/* Create the name of the service account to use */}} {{- define "petset.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "petset.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{- define "petset.webhookServiceName" -}} -{{- printf "%s-webhook" (include "petset.fullname" . ) | trunc 63 | trimPrefix "-" -}} -{{- end -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "petset.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} {{/* -Returns the registry used for operator docker image +Returns the appscode license */}} -{{- define "operator.registry" -}} -{{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }} +{{- define "appscode.license" -}} +{{- .Values.license }} {{- end }} {{/* -Returns the registry used for kube-rbac-proxy docker image +Returns the registry used for operator docker image */}} -{{- define "rbacproxy.registry" -}} -{{- list .Values.registryFQDN .Values.rbacproxy.registry | compact | join "/" }} +{{- define "image.registry" -}} +{{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }} +{{- end }} + +{{- define "appscode.imagePullSecrets" -}} +{{- with .Values.imagePullSecrets -}} +imagePullSecrets: +{{- toYaml . | nindent 2 }} +{{- end }} {{- end }} {{/* -Returns the registry used for cleaner docker image +Returns the enabled monitoring agent name */}} -{{- define "cleaner.registry" -}} -{{- list .Values.registryFQDN .Values.cleaner.registry | compact | join "/" }} +{{- define "monitoring.agent" -}} +{{- .Values.monitoring.agent }} {{- end }} {{/* -Returns whether the cleaner job YAML will be generated or not +Returns whether the ServiceMonitor will be labeled with custom label */}} -{{- define "cleaner.generate" -}} -{{- ternary "false" "true" .Values.cleaner.skip -}} +{{- define "monitoring.apply-servicemonitor-label" -}} +{{- ternary "false" "true" ( empty .Values.monitoring.serviceMonitor.labels ) -}} {{- end }} -{{- define "appscode.imagePullSecrets" -}} -{{- with .Values.imagePullSecrets -}} -imagePullSecrets: -{{- toYaml . | nindent 2 }} +{{/* +Returns the ServiceMonitor labels +*/}} +{{- define "monitoring.servicemonitor-label" -}} +{{- range $key, $val := .Values.monitoring.serviceMonitor.labels }} +{{ $key }}: {{ $val }} {{- end }} {{- end }} -{{- define "image-pull-secrets" -}} -{{- with .Values.imagePullSecrets -}} -imagePullSecrets: -{{- toYaml . | nindent 2 }} -{{- end -}} -{{- end -}} {{/* Prepare certs @@ -121,7 +117,7 @@ Prepare certs {{- $serverKey := "" }} {{- if .Values.apiserver.servingCerts.generate }} {{- $ca := genCA "ca" 3650 }} -{{- $cn := include "petset.webhookServiceName" . -}} +{{- $cn := include "petset.fullname" . -}} {{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} {{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} {{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} @@ -138,5 +134,5 @@ Prepare certs {{ $_ := set $ "_serverCrt" $serverCrt }} {{ $_ := set $ "_serverKey" $serverKey }} -{{- end -}} -{{- end -}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..05b7055 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/cluster-role-binding.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "petset.fullname" . }} + labels: + {{- include "petset.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "petset.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "petset.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "petset.fullname" . }}-auth-delegator + labels: + {{- include "petset.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ include "petset.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "petset.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "petset.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "petset.fullname" . }}:leader-election +subjects: +- kind: ServiceAccount + name: {{ include "petset.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/cluster_role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/cluster-role.yaml similarity index 59% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/cluster_role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/cluster-role.yaml index 305e394..9a7a2e2 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/cluster_role.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/cluster-role.yaml @@ -37,3 +37,43 @@ rules: resources: - controllerrevisions verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "petset.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "petset.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/deployment.yaml similarity index 64% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/deployment.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/deployment.yaml index a74c24e..5221160 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/deployment.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/deployment.yaml @@ -17,14 +17,12 @@ {{ $affinity = default .Values.affinity .Values.global.affinity }} {{- end }} -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "petset.fullname" . }}-webhook-server + name: {{ include "petset.fullname" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/component: webhook-server {{- include "petset.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: @@ -34,15 +32,16 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app.kubernetes.io/component: webhook-server {{- include "petset.selectorLabels" . | nindent 6 }} template: metadata: labels: - app.kubernetes.io/component: webhook-server {{- include "petset.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: - checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/webhook-server/cert.yaml") . | sha256sum }} + reload: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if $criticalAddon }} scheduler.alpha.kubernetes.io/critical-pod: '' {{- end }} @@ -53,18 +52,19 @@ spec: {{- include "appscode.imagePullSecrets" . | nindent 6 }} serviceAccountName: {{ include "petset.serviceAccountName" . }} containers: - - name: webhook-server - image: "{{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} + - name: operator securityContext: - {{- toYaml .Values.operator.securityContext | nindent 10 }} + {{- toYaml .Values.image.securityContext | nindent 10 }} + image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.imagePullPolicy }} args: - - webhook - - --webhook-name={{ include "petset.fullname" . }} - ports: - - name: webhook-server - containerPort: 9443 - protocol: TCP + - run + - --v={{ .Values.logLevel }} + - --leader-elect={{ gt (int .Values.replicaCount) 1 }} + - --metrics-secure=true + - --metrics-bind-address=:8443 + - --health-probe-bind-address=:8081 + - --cert-dir=/var/serving-cert env: - name: POD_NAME valueFrom: @@ -74,46 +74,40 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + ports: + - containerPort: 8081 + name: probes + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9443 + name: https + protocol: TCP {{- if .Values.apiserver.healthcheck.enabled }} readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - livenessProbe: httpGet: path: /healthz - port: 8081 + port: probes initialDelaySeconds: 15 periodSeconds: 20 + livenessProbe: + httpGet: + path: /healthz + port: probes + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} resources: - {{- toYaml .Values.operator.resources | nindent 10 }} + {{- toYaml .Values.image.resources | nindent 10 }} volumeMounts: - - name: serving-cert - mountPath: /var/serving-cert - readOnly: true - - name: kube-rbac-proxy - image: "{{ include "rbacproxy.registry" . }}/{{ .Values.rbacproxy.repository }}:{{ .Values.rbacproxy.tag }}" - securityContext: - {{- toYaml .Values.rbacproxy.securityContext | nindent 10 }} - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: - {{- toYaml .Values.rbacproxy.resources | nindent 10 }} + - mountPath: /var/serving-cert + name: serving-cert volumes: - name: serving-cert secret: defaultMode: 420 - secretName: {{ include "petset.fullname" . }}-webhook-cert + secretName: {{ include "petset.fullname" . }}-cert securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if or $tolerations $criticalAddon }} @@ -126,9 +120,17 @@ spec: operator: Exists {{- end -}} {{- end -}} - {{- with $affinity }} + {{- if $affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "petset.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" {{- end }} {{- with $nodeSelector }} nodeSelector: @@ -137,4 +139,3 @@ spec: {{- if $criticalAddon }} priorityClassName: system-cluster-critical {{- end -}} -{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/mutating_webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/mutating-webhook.yaml similarity index 81% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/mutating_webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/mutating-webhook.yaml index 959c885..94b8409 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/mutating_webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/mutating-webhook.yaml @@ -1,19 +1,20 @@ {{ template "petset.prepare-certs" $ }} {{- if .Values.apiserver.enableMutatingWebhook }} + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - name: {{ include "petset.fullname" . }} + name: mutators.petset.appscode.com labels: - {{- include "petset.labels" . | nindent 4 }} + {{- include "petset.labels" . | nindent 4 }} webhooks: - admissionReviewVersions: - v1 clientConfig: service: - name: {{ include "petset.webhookServiceName" . }} namespace: {{ .Release.Namespace }} + name: {{ include "petset.fullname" . }} path: /mutate-apps-k8s-appscode-com-v1-petset caBundle: {{ $._caCrt }} failurePolicy: Fail @@ -29,4 +30,5 @@ webhooks: resources: - petsets sideEffects: None -{{ end }} + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/network-policy.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/network-policy.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/network-policy.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/network-policy.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/pdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/pdb.yaml new file mode 100644 index 0000000..a52bb7e --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/pdb.yaml @@ -0,0 +1,15 @@ +{{- if gt (int .Values.replicaCount) 1 }} + +apiVersion: policy/v1 +kind: PodDisruptionBudget + name: {{ include "petset.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "petset.labels" . | nindent 4 }} +spec: + minAvailable: 1 + selector: + matchLabels: + {{- include "petset.selectorLabels" . | nindent 6 }} + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/placementpolicies/default.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/placementpolicies/default.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/placementpolicies/default.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/placementpolicies/default.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/cert.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/secret.yaml similarity index 60% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/cert.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/secret.yaml index a864a0e..547f6cc 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/cert.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/secret.yaml @@ -1,16 +1,14 @@ {{ template "petset.prepare-certs" $ }} -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} apiVersion: v1 kind: Secret metadata: - name: {{ include "petset.fullname" . }}-webhook-cert + name: {{ include "petset.fullname" . }}-cert namespace: {{ .Release.Namespace }} labels: {{- include "petset.labels" . | nindent 4 }} -type: Opaque +type: kubernetes.io/tls data: ca.crt: {{ $._caCrt }} tls.crt: {{ $._serverCrt }} tls.key: {{ $._serverKey }} -{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/service.yaml new file mode 100644 index 0000000..c0a62b9 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/service.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "petset.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "petset.labels" . | nindent 4 }} +{{- if eq "prometheus.io/builtin" ( include "monitoring.agent" . ) }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8443" + prometheus.io/scheme: "https" +{{- end }} +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + - name: metrics + port: 8443 + protocol: TCP + targetPort: metrics + selector: + {{- include "petset.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/serviceaccount.yaml similarity index 96% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/serviceaccount.yaml index dc3b0f1..3651e33 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/serviceaccount.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/serviceaccount.yaml @@ -10,4 +10,4 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/monitoring/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/servicemonitor.yaml similarity index 51% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/monitoring/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/servicemonitor.yaml index 3a21a44..88a32eb 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/monitoring/servicemonitor.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/servicemonitor.yaml @@ -1,15 +1,12 @@ -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} -{{- if eq .Values.monitoring.agent "prometheus.io/operator" }} +{{- if eq "prometheus.io/operator" ( include "monitoring.agent" . ) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "petset.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{- if .Values.monitoring.serviceMonitor.labels }} - {{- range $key, $val := .Values.monitoring.serviceMonitor.labels }} - {{ $key }}: {{ $val }} - {{- end }} + {{- if eq "true" ( include "monitoring.apply-servicemonitor-label" . ) }} + {{- include "monitoring.servicemonitor-label" . | nindent 4 }} {{- else }} {{- include "petset.selectorLabels" . | nindent 4 }} {{- end }} @@ -21,17 +18,22 @@ spec: matchLabels: {{- include "petset.selectorLabels" . | nindent 6 }} endpoints: - {{- if .Values.monitoring.operator }} - - port: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token path: /metrics + port: metrics scheme: https tlsConfig: ca: secret: - name: {{ include "petset.fullname" . }}-webhook-cert + name: {{ include "petset.fullname" . }}-cert + key: ca.crt + cert: + secret: + name: {{ include "petset.fullname" . }}-cert key: tls.crt + insecureSkipVerify: false + keySecret: + name: {{ include "petset.fullname" . }}-cert + key: tls.key serverName: "{{ include "petset.fullname" . }}.{{ .Release.Namespace }}.svc" - {{- end }} {{- end }} -{{ end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/user_roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/rbac/user_roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/validating_webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/validating-webhook.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/validating_webhook.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/validating-webhook.yaml index 740a05a..7d144d7 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/templates/webhook-server/validating_webhook.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/templates/validating-webhook.yaml @@ -1,10 +1,11 @@ {{ template "petset.prepare-certs" $ }} {{- if .Values.apiserver.enableValidatingWebhook }} + apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: {{ include "petset.fullname" . }} + name: validators.petset.appscode.com labels: {{- include "petset.labels" . | nindent 4 }} webhooks: @@ -12,8 +13,8 @@ webhooks: - v1 clientConfig: service: - name: {{ include "petset.webhookServiceName" . }} namespace: {{ .Release.Namespace }} + name: {{ include "petset.fullname" . }} path: /validate-apps-k8s-appscode-com-v1-petset caBundle: {{ $._caCrt }} failurePolicy: Fail @@ -29,4 +30,5 @@ webhooks: resources: - petsets sideEffects: None -{{ end }} + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/values.openapiv3_schema.yaml new file mode 100644 index 0000000..966617d --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/values.openapiv3_schema.yaml @@ -0,0 +1,2127 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + required: + - enableMutatingWebhook + - enableValidatingWebhook + - healthcheck + - servingCerts + type: object + criticalAddon: + type: boolean + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + networkPolicy: + properties: + enabled: + type: boolean + required: + - enabled + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array +required: +- image +- imagePullPolicy +- monitoring +- registryFQDN +- replicaCount +- serviceAccount +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/values.yaml similarity index 65% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/values.yaml index 3f7ed0c..8ac8d80 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/petset/values.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/petset/values.yaml @@ -12,7 +12,7 @@ replicaCount: 1 # Docker registry fqdn used to pull Stash related images. # Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} registryFQDN: ghcr.io -operator: +image: # Docker registry used to pull operator image registry: appscode # Name of operator container image @@ -34,39 +34,17 @@ operator: seccompProfile: type: RuntimeDefault -rbacproxy: - # Docker registry used to pull operator image - registry: appscode - # Name of operator container image - repository: kube-rbac-proxy - # Operator container image tag - tag: v0.15.0 - # Compute Resources required by the operator container - resources: # +doc-gen:break - requests: - cpu: "100m" - # Security options this container should run with - securityContext: # +doc-gen:break - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - # Specify an array of imagePullSecrets. # Secrets must be manually created in the namespace. # # Example: -# helm template charts/stash \ +# helm template charts/petset \ # --set imagePullSecrets[0].name=sec0 \ # --set imagePullSecrets[1].name=sec1 imagePullSecrets: [] # Container image pull policy imagePullPolicy: IfNotPresent -# If true, installs Stash operator as critical addon +# If true, installs petset as critical addon criticalAddon: false # Log level for operator logLevel: 3 @@ -95,22 +73,10 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: apiserver: - # The minimum priority the webhook api group should have at least. Please see - # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 - # for more information on proper values of this field. - groupPriorityMinimum: 10000 - # The ordering of the webhook api inside of the group. Please see - # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 - # for more information on proper values of this field - versionPriority: 15 - # If true, mutating webhook is configured for Kubernetes workloads + # If true, mutating webhook is configured for petset CRDs enableMutatingWebhook: true - # If true, validating webhook is configured for Stash CRDss + # If true, validating webhook is configured for petset CRDs enableValidatingWebhook: true - # If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. - bypassValidatingWebhookXray: false - # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) - useKubeapiserverFqdnForAks: true healthcheck: # If true, enables the readiness and liveliness probes for the operator pod. enabled: false diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/.helmignore similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/Chart.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/Chart.yaml index a8369ec..cbc982d 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.0.10 +appVersion: v0.0.11 description: A Helm chart for Sidekick Operator by AppsCode home: https://github.com/kubeops/sidekick icon: https://cdn.appscode.com/images/products/searchlight/icons/android-icon-192x192.png @@ -10,4 +10,4 @@ name: sidekick sources: - https://github.com/kubeops/sidekick type: application -version: v2024.11.8 +version: v2025.3.14 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/README.md new file mode 100644 index 0000000..74b4e4c --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/README.md @@ -0,0 +1,96 @@ +# Sidekick + +[Sidekick by AppsCode](https://github.com/kubeops/sidekick) - Sidekick for Kubernetes + +## TL;DR; + +```bash +$ helm repo add appscode https://charts.appscode.com/stable/ +$ helm repo update +$ helm search repo appscode/sidekick --version=v2025.3.14 +$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2025.3.14 +``` + +## Introduction + +This chart deploys an Sidekick on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.21+ + +## Installing the Chart + +To install/upgrade the chart with the release name `sidekick`: + +```bash +$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2025.3.14 +``` + +The command deploys an Sidekick on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall the `sidekick`: + +```bash +$ helm uninstall sidekick -n kubeops +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the `sidekick` chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| nameOverride | Overrides name template | "" | +| fullnameOverride | Overrides fullname template | "" | +| replicaCount | | 1 | +| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | +| image.registry | Docker registry used to pull operator image | appscode | +| image.repository | Name of operator container image | sidekick | +| image.tag | Overrides the image tag whose default is the chart appVersion. | "" | +| image.resources | Compute Resources required by the operator container | {} | +| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | +| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/stash \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | +| imagePullPolicy | Container image pull policy | Always | +| criticalAddon | If true, installs sidekick as critical addon | false | +| logLevel | Log level for operator | 3 | +| annotations | Annotations applied to operator deployment | {} | +| podAnnotations | Annotations passed to operator pod(s). | {} | +| podLabels | Labels passed to operator pod(s) | {} | +| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | +| podSecurityContext | | {} | +| tolerations | | [] | +| affinity | | {} | +| serviceAccount.create | Specifies whether a service account should be created | true | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | +| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for sidekick CRDs | false | +| apiserver.enableValidatingWebhook | If true, validating webhook is configured for sidekick CRDs | false | +| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | +| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | +| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | +| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | +| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | +| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | "" | +| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {} | +| networkPolicy.enabled | | false | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: + +```bash +$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2025.3.14 --set replicaCount=1 +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. For example: + +```bash +$ helm upgrade -i sidekick appscode/sidekick -n kubeops --create-namespace --version=v2025.3.14 --values values.yaml +``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/crds/apps.k8s.appscode.com_sidekicks.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/crds/apps.k8s.appscode.com_sidekicks.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/crds/apps.k8s.appscode.com_sidekicks.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/crds/apps.k8s.appscode.com_sidekicks.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/NOTES.txt similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/NOTES.txt index c4c4162..f322e6f 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/NOTES.txt +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/NOTES.txt @@ -1,3 +1,3 @@ -To verify that Supervisor has started, run: +To verify that Sidekick has started, run: kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "sidekick.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/_helpers.tpl similarity index 71% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/_helpers.tpl index 4609ce6..2fbc54b 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/_helpers.tpl +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/_helpers.tpl @@ -105,3 +105,33 @@ Returns the ServiceMonitor labels {{ $key }}: {{ $val }} {{- end }} {{- end }} + +{{/* +Prepare certs +*/}} +{{- define "sidekick.prepare-certs" -}} +{{- if not ._caCrt }} +{{- $caCrt := "" }} +{{- $serverCrt := "" }} +{{- $serverKey := "" }} +{{- if .Values.apiserver.servingCerts.generate }} +{{- $ca := genCA "ca" 3650 }} +{{- $cn := include "sidekick.fullname" . -}} +{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} +{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} +{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} +{{- $caCrt = b64enc $ca.Cert }} +{{- $serverCrt = b64enc $server.Cert }} +{{- $serverKey = b64enc $server.Key }} +{{- else }} +{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }} +{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} +{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} +{{- end }} + +{{ $_ := set $ "_caCrt" $caCrt }} +{{ $_ := set $ "_serverCrt" $serverCrt }} +{{ $_ := set $ "_serverKey" $serverKey }} + +{{- end }} +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..a1a85ea --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/cluster-role-binding.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "sidekick.fullname" . }} + labels: + {{- include "sidekick.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "sidekick.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "sidekick.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "sidekick.fullname" . }}-auth-delegator + labels: + {{- include "sidekick.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ include "sidekick.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "sidekick.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "sidekick.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "sidekick.fullname" . }}:leader-election +subjects: +- kind: ServiceAccount + name: {{ include "sidekick.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/cluster-role.yaml new file mode 100644 index 0000000..4895b86 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/cluster-role.yaml @@ -0,0 +1,62 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "sidekick.fullname" . }} + labels: + {{- include "sidekick.labels" . | nindent 4 }} +rules: +- apiGroups: + - apps.k8s.appscode.com + resources: ["*"] + verbs: ["*"] +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ["*"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["list","watch"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "sidekick.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "sidekick.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/deployment.yaml new file mode 100644 index 0000000..d18d50e --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/deployment.yaml @@ -0,0 +1,141 @@ +{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }} +{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }} +{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}} + +{{- $nodeSelector := .Values.nodeSelector }} +{{- if .Values.global }} + {{ $nodeSelector = default .Values.nodeSelector .Values.global.nodeSelector }} +{{- end }} + +{{- $tolerations := .Values.tolerations }} +{{- if .Values.global }} + {{ $tolerations = default .Values.tolerations .Values.global.tolerations }} +{{- end }} + +{{- $affinity := .Values.affinity }} +{{- if .Values.global }} + {{ $affinity = default .Values.affinity .Values.global.affinity }} +{{- end }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sidekick.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "sidekick.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "sidekick.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "sidekick.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + reload: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if $criticalAddon }} + scheduler.alpha.kubernetes.io/critical-pod: '' + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "appscode.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "sidekick.serviceAccountName" . }} + containers: + - name: operator + securityContext: + {{- toYaml .Values.image.securityContext | nindent 10 }} + image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - run + - --v={{ .Values.logLevel }} + - --leader-elect={{ gt (int .Values.replicaCount) 1 }} + - --metrics-secure=true + - --metrics-bind-address=:8443 + - --health-probe-bind-address=:8081 + - --cert-dir=/var/serving-cert + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - containerPort: 8081 + name: probes + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9443 + name: https + protocol: TCP + {{- if .Values.apiserver.healthcheck.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: probes + initialDelaySeconds: 15 + periodSeconds: 20 + livenessProbe: + httpGet: + path: /healthz + port: probes + initialDelaySeconds: 5 + periodSeconds: 10 + {{- end }} + resources: + {{- toYaml .Values.image.resources | nindent 10 }} + volumeMounts: + - mountPath: /var/serving-cert + name: serving-cert + volumes: + - name: serving-cert + secret: + defaultMode: 420 + secretName: {{ include "sidekick.fullname" . }}-cert + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if or $tolerations $criticalAddon }} + tolerations: + {{- with $tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if $criticalAddon }} + - key: CriticalAddonsOnly + operator: Exists + {{- end -}} + {{- end -}} + {{- if $affinity }} + affinity: + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "sidekick.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + {{- with $nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if $criticalAddon }} + priorityClassName: system-cluster-critical + {{- end -}} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/network-policy.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/network-policy.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/network-policy.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/network-policy.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/pdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/pdb.yaml new file mode 100644 index 0000000..d8bda30 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/pdb.yaml @@ -0,0 +1,15 @@ +{{- if gt (int .Values.replicaCount) 1 }} + +apiVersion: policy/v1 +kind: PodDisruptionBudget + name: {{ include "sidekick.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "sidekick.labels" . | nindent 4 }} +spec: + minAvailable: 1 + selector: + matchLabels: + {{- include "sidekick.selectorLabels" . | nindent 6 }} + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/secret.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/secret.yaml new file mode 100644 index 0000000..605192c --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/secret.yaml @@ -0,0 +1,14 @@ +{{ template "sidekick.prepare-certs" $ }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "sidekick.fullname" . }}-cert + namespace: {{ .Release.Namespace }} + labels: + {{- include "sidekick.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + ca.crt: {{ $._caCrt }} + tls.crt: {{ $._serverCrt }} + tls.key: {{ $._serverKey }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/service.yaml similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/service.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/service.yaml index d7700d6..50381c3 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/service.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/service.yaml @@ -14,12 +14,13 @@ metadata: {{- end }} spec: ports: - # Port used to expose admission webhook apiserver - - name: api - port: 80 - targetPort: 8081 + - name: https + port: 443 + protocol: TCP + targetPort: https - name: metrics - port: 8080 - targetPort: 8080 + port: 8443 + protocol: TCP + targetPort: metrics selector: {{- include "sidekick.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/servicemonitor.yaml similarity index 53% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/servicemonitor.yaml index bbf9b9f..8c99cd9 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/servicemonitor.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/servicemonitor.yaml @@ -18,6 +18,22 @@ spec: matchLabels: {{- include "sidekick.selectorLabels" . | nindent 6 }} endpoints: - - port: metrics - scheme: http + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + path: /metrics + port: metrics + scheme: https + tlsConfig: + ca: + secret: + name: {{ include "sidekick.fullname" . }}-cert + key: ca.crt + cert: + secret: + name: {{ include "sidekick.fullname" . }}-cert + key: tls.crt + insecureSkipVerify: false + keySecret: + name: {{ include "sidekick.fullname" . }}-cert + key: tls.key + serverName: "{{ include "sidekick.fullname" . }}.{{ .Release.Namespace }}.svc" {{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/templates/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/templates/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/values.openapiv3_schema.yaml new file mode 100644 index 0000000..afdae68 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/values.openapiv3_schema.yaml @@ -0,0 +1,2127 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + required: + - enableMutatingWebhook + - enableValidatingWebhook + - healthcheck + - servingCerts + type: object + criticalAddon: + type: boolean + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + networkPolicy: + properties: + enabled: + type: boolean + required: + - enabled + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array +required: +- apiserver +- image +- imagePullPolicy +- monitoring +- registryFQDN +- replicaCount +- serviceAccount +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/values.yaml similarity index 63% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/values.yaml index 7d3f016..5c20764 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/sidekick/values.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/sidekick/values.yaml @@ -42,6 +42,26 @@ image: imagePullSecrets: [] # Container image pull policy imagePullPolicy: Always +# If true, installs sidekick as critical addon +criticalAddon: false +# Log level for operator +logLevel: 3 +# Annotations applied to operator deployment +annotations: {} +# Annotations passed to operator pod(s). +podAnnotations: {} +# Labels passed to operator pod(s) +podLabels: {} +# Node labels for pod assignment +nodeSelector: # +doc-gen:break + kubernetes.io/os: linux + +podSecurityContext: {} + # fsGroup: 2000 + +tolerations: [] + +affinity: {} serviceAccount: # Specifies whether a service account should be created @@ -52,17 +72,24 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - +apiserver: + # If true, mutating webhook is configured for sidekick CRDs + enableMutatingWebhook: false + # If true, validating webhook is configured for sidekick CRDs + enableValidatingWebhook: false + healthcheck: + # If true, enables the readiness and liveliness probes for the operator pod. + enabled: false + servingCerts: + # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) + # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. + generate: true + # CA certficate used by serving certificate of webhook server. + caCrt: "" + # Serving certficate used by webhook server. + serverCrt: "" + # Private key for the serving certificate used by webhook server. + serverKey: "" monitoring: # Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") agent: "" diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/.helmignore b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/.helmignore similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/.helmignore rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/.helmignore diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/Chart.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/Chart.yaml similarity index 89% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/Chart.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/Chart.yaml index 5c2af49..6a70946 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/Chart.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.0.7 +appVersion: v0.0.9 description: A Helm chart for Supervisor by AppsCode home: https://github.com/kubeops/supervisor icon: https://cdn.appscode.com/images/products/searchlight/icons/android-icon-192x192.png @@ -10,4 +10,4 @@ name: supervisor sources: - https://github.com/kubeops/supervisor type: application -version: v2024.11.8 +version: v2025.3.14 diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/README.md b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/README.md new file mode 100644 index 0000000..bcea191 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/README.md @@ -0,0 +1,100 @@ +# Supervisor + +[Supervisor by AppsCode](https://github.com/kubeops/supervisor) - Supervisor for Kubernetes + +## TL;DR; + +```bash +$ helm repo add appscode https://charts.appscode.com/stable/ +$ helm repo update +$ helm search repo appscode/supervisor --version=v2025.3.14 +$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2025.3.14 +``` + +## Introduction + +This chart deploys a Supervisor on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.21+ + +## Installing the Chart + +To install/upgrade the chart with the release name `supervisor`: + +```bash +$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2025.3.14 +``` + +The command deploys a Supervisor on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall the `supervisor`: + +```bash +$ helm uninstall supervisor -n kubeops +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the `supervisor` chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| nameOverride | Overrides name template | "" | +| fullnameOverride | Overrides fullname template | "" | +| replicaCount | Number of Supervisor replicas to create (only 1 is supported) | 1 | +| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | +| image.registry | Docker registry used to pull operator image | appscode | +| image.repository | Name of operator container image | supervisor | +| image.tag | Operator container image tag | "" | +| image.resources | Compute Resources required by the operator container | {} | +| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | +| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/supervisor \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | +| imagePullPolicy | Container image pull policy | IfNotPresent | +| criticalAddon | If true, installs Supervisor as critical addon | false | +| logLevel | Log level for operator | 3 | +| annotations | Annotations applied to operator deployment | {} | +| podAnnotations | Annotations passed to operator pod(s). | {} | +| podLabels | Labels passed to operator pod(s) | {} | +| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | +| tolerations | Tolerations for pod assignment | [] | +| affinity | Affinity rules for pod assignment | {} | +| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} | +| serviceAccount.create | Specifies whether a service account should be created | true | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | +| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Supervisor CRDs | true | +| apiserver.enableValidatingWebhook | If true, validating webhook is configured for Supervisor CRDs | true | +| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | +| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | +| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | +| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | +| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | +| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | "" | +| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {} | +| networkPolicy.enabled | | false | +| maxConcurrentReconcile | Maximum number of Recommendation object that will be reconciled concurrently | 5 | +| requeueAfterDuration | Duration after the Recommendation object will be requeue when it is waiting for MaintenanceWindow. The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration | 1m | +| retryAfterDuration | Duration after the failure events will be requeue again. The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration | 1m | +| beforeDeadlineDuration | When there is less time than `beforeDeadlineDuration` before deadline, Recommendations are free to execute regardless of Parallelism. The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration | 24h | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: + +```bash +$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2025.3.14 --set replicaCount=1 +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. For example: + +```bash +$ helm upgrade -i supervisor appscode/supervisor -n kubeops --create-namespace --version=v2025.3.14 --values values.yaml +``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_approvalpolicies.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_approvalpolicies.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_approvalpolicies.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_approvalpolicies.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_clustermaintenancewindows.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_clustermaintenancewindows.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_clustermaintenancewindows.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_clustermaintenancewindows.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_maintenancewindows.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_maintenancewindows.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_maintenancewindows.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_maintenancewindows.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_recommendations.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_recommendations.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/crds/supervisor.appscode.com_recommendations.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/crds/supervisor.appscode.com_recommendations.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/NOTES.txt similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/NOTES.txt diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/_helpers.tpl similarity index 71% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/_helpers.tpl index 6b68006..71771fb 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/_helpers.tpl +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/_helpers.tpl @@ -105,3 +105,33 @@ Returns the ServiceMonitor labels {{ $key }}: {{ $val }} {{- end }} {{- end }} + +{{/* +Prepare certs +*/}} +{{- define "supervisor.prepare-certs" -}} +{{- if not ._caCrt }} +{{- $caCrt := "" }} +{{- $serverCrt := "" }} +{{- $serverKey := "" }} +{{- if .Values.apiserver.servingCerts.generate }} +{{- $ca := genCA "ca" 3650 }} +{{- $cn := include "supervisor.fullname" . -}} +{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} +{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} +{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} +{{- $caCrt = b64enc $ca.Cert }} +{{- $serverCrt = b64enc $server.Cert }} +{{- $serverKey = b64enc $server.Key }} +{{- else }} +{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }} +{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} +{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} +{{- end }} + +{{ $_ := set $ "_caCrt" $caCrt }} +{{ $_ := set $ "_serverCrt" $serverCrt }} +{{ $_ := set $ "_serverKey" $serverKey }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/cluster-role-binding.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..4699b76 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/cluster-role-binding.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "supervisor.fullname" . }} + labels: + {{- include "supervisor.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "supervisor.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "supervisor.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "supervisor.fullname" . }}-auth-delegator + labels: + {{- include "supervisor.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ include "supervisor.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "supervisor.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "supervisor.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "supervisor.fullname" . }}:leader-election +subjects: +- kind: ServiceAccount + name: {{ include "supervisor.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/cluster-role.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/cluster-role.yaml similarity index 72% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/cluster-role.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/cluster-role.yaml index 59a3997..fe2e247 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/cluster-role.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/cluster-role.yaml @@ -81,3 +81,43 @@ rules: - ops.kubevault.com resources: ["*"] verbs: ["get", "create", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "supervisor.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "supervisor.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/deployment.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/deployment.yaml similarity index 76% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/deployment.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/deployment.yaml index 56dc0a0..ec92602 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/deployment.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/deployment.yaml @@ -37,8 +37,11 @@ spec: metadata: labels: {{- include "supervisor.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: - checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/apiregistration.yaml") . | sha256sum }} + reload: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if $criticalAddon }} scheduler.alpha.kubernetes.io/critical-pod: '' {{- end }} @@ -57,19 +60,15 @@ spec: args: - run - --v={{ .Values.logLevel }} - - --secure-port=8443 - - --audit-log-path=- - - --tls-cert-file=/var/serving-cert/tls.crt - - --tls-private-key-file=/var/serving-cert/tls.key - - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }} - - --enable-validating-webhook={{ .Values.apiserver.enableValidatingWebhook }} - - --enable-mutating-webhook={{ .Values.apiserver.enableMutatingWebhook }} + - --leader-elect={{ gt (int .Values.replicaCount) 1 }} + - --metrics-secure=true + - --metrics-bind-address=:8443 + - --health-probe-bind-address=:8081 + - --cert-dir=/var/serving-cert - --max-concurrent-reconcile={{ .Values.maxConcurrentReconcile }} - --requeue-after-duration={{ .Values.requeueAfterDuration }} - --retry-after-duration={{ .Values.retryAfterDuration }} - --before-deadline-duration={{ .Values.beforeDeadlineDuration }} - ports: - - containerPort: 8443 env: - name: POD_NAME valueFrom: @@ -79,19 +78,29 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + ports: + - containerPort: 8081 + name: probes + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9443 + name: https + protocol: TCP {{- if .Values.apiserver.healthcheck.enabled }} readinessProbe: httpGet: path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 5 + port: probes + initialDelaySeconds: 15 + periodSeconds: 20 livenessProbe: httpGet: path: /healthz - port: 8443 - scheme: HTTPS + port: probes initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} resources: {{- toYaml .Values.image.resources | nindent 10 }} @@ -102,7 +111,7 @@ spec: - name: serving-cert secret: defaultMode: 420 - secretName: {{ include "supervisor.fullname" . }}-apiserver-cert + secretName: {{ include "supervisor.fullname" . }}-cert securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if or $tolerations $criticalAddon }} @@ -115,9 +124,17 @@ spec: operator: Exists {{- end -}} {{- end -}} - {{- with $affinity }} + {{- if $affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml $affinity | nindent 8 }} + {{- else if gt (int .Values.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "supervisor.selectorLabels" . | nindent 16 }} + topologyKey: "kubernetes.io/hostname" {{- end }} {{- with $nodeSelector }} nodeSelector: diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/mutating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/mutating-webhook.yaml new file mode 100644 index 0000000..e707889 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/mutating-webhook.yaml @@ -0,0 +1,54 @@ +{{ template "supervisor.prepare-certs" $ }} + +{{- if .Values.apiserver.enableMutatingWebhook }} + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: mutators.supervisor.appscode.com + labels: + {{- include "supervisor.labels" . | nindent 4 }} +webhooks: + - name: recommendations.mutators.supervisor.appscode.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "supervisor.fullname" . }} + path: /mutate-supervisor-appscode-com-v1alpha1-recommendation + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["supervisor.appscode.com"] + apiVersions: ["v1alpha1"] + resources: ["recommendations"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + sideEffects: None + - name: maintenancewindows.mutators.supervisor.appscode.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "supervisor.fullname" . }} + path: /mutate-supervisor-appscode-com-v1alpha1-maintenancewindow + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["supervisor.appscode.com"] + apiVersions: ["v1alpha1"] + resources: ["maintenancewindows"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + sideEffects: None + - name: clustermaintenancewindows.mutators.supervisor.appscode.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "supervisor.fullname" . }} + path: /mutate-supervisor-appscode-com-v1alpha1-clustermaintenancewindow + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["supervisor.appscode.com"] + apiVersions: ["v1alpha1"] + resources: ["clustermaintenancewindows"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + sideEffects: None +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/network-policy.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/network-policy.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/network-policy.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/network-policy.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/pdb.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/pdb.yaml new file mode 100644 index 0000000..24f0196 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/pdb.yaml @@ -0,0 +1,15 @@ +{{- if gt (int .Values.replicaCount) 1 }} + +apiVersion: policy/v1 +kind: PodDisruptionBudget + name: {{ include "supervisor.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "supervisor.labels" . | nindent 4 }} +spec: + minAvailable: 1 + selector: + matchLabels: + {{- include "supervisor.selectorLabels" . | nindent 6 }} + +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/secret.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/secret.yaml new file mode 100644 index 0000000..b785566 --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/secret.yaml @@ -0,0 +1,14 @@ +{{ template "supervisor.prepare-certs" $ }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "supervisor.fullname" . }}-cert + namespace: {{ .Release.Namespace }} + labels: + {{- include "supervisor.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + ca.crt: {{ $._caCrt }} + tls.crt: {{ $._serverCrt }} + tls.key: {{ $._serverKey }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/service.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/service.yaml similarity index 79% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/service.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/service.yaml index 234c86f..8b237db 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/service.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/service.yaml @@ -14,9 +14,13 @@ metadata: {{- end }} spec: ports: - # Port used to expose admission webhook apiserver - - name: api + - name: https port: 443 - targetPort: 8443 + protocol: TCP + targetPort: https + - name: metrics + port: 8443 + protocol: TCP + targetPort: metrics selector: {{- include "supervisor.selectorLabels" . | nindent 4 }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/serviceaccount.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/serviceaccount.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/serviceaccount.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/servicemonitor.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/servicemonitor.yaml similarity index 67% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/servicemonitor.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/servicemonitor.yaml index 4a0a7d3..7124cb4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/servicemonitor.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/servicemonitor.yaml @@ -18,13 +18,22 @@ spec: matchLabels: {{- include "supervisor.selectorLabels" . | nindent 6 }} endpoints: - - port: api - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + path: /metrics + port: metrics scheme: https tlsConfig: ca: secret: - name: {{ include "supervisor.fullname" . }}-apiserver-cert + name: {{ include "supervisor.fullname" . }}-cert key: ca.crt + cert: + secret: + name: {{ include "supervisor.fullname" . }}-cert + key: tls.crt + insecureSkipVerify: false + keySecret: + name: {{ include "supervisor.fullname" . }}-cert + key: tls.key serverName: "{{ include "supervisor.fullname" . }}.{{ .Release.Namespace }}.svc" {{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/user-roles.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/user-roles.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/templates/user-roles.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/user-roles.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/validating-webhook.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/validating-webhook.yaml new file mode 100644 index 0000000..373adec --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/templates/validating-webhook.yaml @@ -0,0 +1,54 @@ +{{ template "supervisor.prepare-certs" $ }} + +{{- if .Values.apiserver.enableValidatingWebhook }} + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validators.supervisor.appscode.com + labels: + {{- include "supervisor.labels" . | nindent 4 }} +webhooks: + - name: recommendations.validators.supervisor.appscode.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "supervisor.fullname" . }} + path: /validate-supervisor-appscode-com-v1alpha1-recommendation + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["supervisor.appscode.com"] + apiVersions: ["v1alpha1"] + resources: ["recommendations"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + sideEffects: None + - name: maintenancewindows.validators.supervisor.appscode.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "supervisor.fullname" . }} + path: /validate-supervisor-appscode-com-v1alpha1-maintenancewindow + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["supervisor.appscode.com"] + apiVersions: ["v1alpha1"] + resources: ["maintenancewindows"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + sideEffects: None + - name: clustermaintenancewindows.validators.supervisor.appscode.com + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ include "supervisor.fullname" . }} + path: /validate-supervisor-appscode-com-v1alpha1-clustermaintenancewindow + caBundle: {{ $._caCrt }} + rules: + - apiGroups: ["supervisor.appscode.com"] + apiVersions: ["v1alpha1"] + resources: ["clustermaintenancewindows"] + operations: ["CREATE", "UPDATE"] + admissionReviewVersions: ["v1beta1"] + sideEffects: None +{{- end }} diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/values.openapiv3_schema.yaml new file mode 100644 index 0000000..009a65c --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/values.openapiv3_schema.yaml @@ -0,0 +1,2140 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + required: + - enableMutatingWebhook + - enableValidatingWebhook + - healthcheck + - servingCerts + type: object + beforeDeadlineDuration: + type: string + criticalAddon: + type: boolean + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + maxConcurrentReconcile: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + networkPolicy: + properties: + enabled: + type: boolean + required: + - enabled + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + requeueAfterDuration: + type: string + retryAfterDuration: + type: string + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array +required: +- apiserver +- beforeDeadlineDuration +- image +- imagePullPolicy +- maxConcurrentReconcile +- monitoring +- registryFQDN +- replicaCount +- requeueAfterDuration +- retryAfterDuration +- serviceAccount +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/values.yaml similarity index 83% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/values.yaml index 39bf55a..b225e05 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/supervisor/values.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/charts/supervisor/values.yaml @@ -11,18 +11,6 @@ replicaCount: 1 # Docker registry fqdn used to pull docker images # Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} registryFQDN: ghcr.io -# Maximum number of Recommendation object that will be reconciled concurrently -maxConcurrentReconcile: 5 -# Duration after the Recommendation object will be requeue when it is waiting for MaintenanceWindow. -# The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration -requeueAfterDuration: 1m -# Duration after the failure events will be requeue again. -# The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration -retryAfterDuration: 1m -# When there is less time than `beforeDeadlineDuration` before deadline, Recommendations are free to execute regardless of Parallelism. -# The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration -beforeDeadlineDuration: 24h - image: # Docker registry used to pull operator image registry: appscode @@ -61,6 +49,8 @@ logLevel: 3 annotations: {} # Annotations passed to operator pod(s). podAnnotations: {} +# Labels passed to operator pod(s) +podLabels: {} # Node labels for pod assignment nodeSelector: # +doc-gen:break kubernetes.io/os: linux @@ -80,27 +70,16 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: apiserver: - # The minimum priority the webhook api group should have at least. Please see - # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 - # for more information on proper values of this field. - groupPriorityMinimum: 10000 - # The ordering of the webhook api inside of the group. Please see - # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 - # for more information on proper values of this field - versionPriority: 15 # If true, mutating webhook is configured for Supervisor CRDs enableMutatingWebhook: true # If true, validating webhook is configured for Supervisor CRDs enableValidatingWebhook: true - # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) - useKubeapiserverFqdnForAks: true healthcheck: # If true, enables the readiness and liveliness probes for the operator pod. enabled: false servingCerts: # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. - # See also: [example terraform](https://github.com/searchlight/installer/blob/master/charts/supervisor/example-terraform.tf) generate: true # CA certficate used by serving certificate of webhook server. caCrt: "" @@ -119,3 +98,15 @@ monitoring: networkPolicy: enabled: false + +# Maximum number of Recommendation object that will be reconciled concurrently +maxConcurrentReconcile: 5 +# Duration after the Recommendation object will be requeue when it is waiting for MaintenanceWindow. +# The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration +requeueAfterDuration: 1m +# Duration after the failure events will be requeue again. +# The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration +retryAfterDuration: 1m +# When there is less time than `beforeDeadlineDuration` before deadline, Recommendations are free to execute regardless of Parallelism. +# The flag accepts a value acceptable to time.ParseDuration. Ref: https://pkg.go.dev/time#ParseDuration +beforeDeadlineDuration: 24h diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/ci/ci-values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/ci/ci-values.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/ci/ci-values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/ci/ci-values.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/doc.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/doc.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/doc.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/doc.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/templates/NOTES.txt b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/templates/NOTES.txt similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/templates/NOTES.txt rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/templates/NOTES.txt diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/templates/_helpers.tpl b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/templates/_helpers.tpl similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/templates/_helpers.tpl rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/templates/_helpers.tpl diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/templates/network-policy.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/templates/network-policy.yaml similarity index 100% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/templates/network-policy.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/templates/network-policy.yaml diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/values.openapiv3_schema.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/values.openapiv3_schema.yaml new file mode 100644 index 0000000..e57f7fe --- /dev/null +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/values.openapiv3_schema.yaml @@ -0,0 +1,20526 @@ +properties: + ace-user-roles: + properties: + enableClusterRoles: + properties: + ace: + type: boolean + appcatalog: + type: boolean + catalog: + type: boolean + cert-manager: + type: boolean + kubedb: + type: boolean + kubedb-ui: + type: boolean + kubestash: + type: boolean + kubevault: + type: boolean + license-proxyserver: + type: boolean + metrics: + type: boolean + prometheus: + type: boolean + secrets-store: + type: boolean + stash: + type: boolean + virtual-secrets: + type: boolean + required: + - ace + - appcatalog + - catalog + - cert-manager + - kubedb + - kubedb-ui + - kubestash + - kubevault + - license-proxyserver + - metrics + - prometheus + - secrets-store + - stash + - virtual-secrets + type: object + enabled: + type: boolean + required: + - enabled + type: object + global: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + featureGates: + additionalProperties: + type: boolean + type: object + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you + locate the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + insecureRegistries: + items: + type: string + type: array + license: + type: string + licenseSecretName: + type: string + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + networkPolicy: + properties: + enabled: + type: boolean + required: + - enabled + type: object + nodeSelector: + additionalProperties: + type: string + type: object + registry: + type: string + registryFQDN: + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + waitForWebhook: + type: boolean + required: + - featureGates + - insecureRegistries + - license + - licenseSecretName + - monitoring + - registry + - registryFQDN + - waitForWebhook + type: object + kubedb-autoscaler: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + enabled: + type: boolean + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you + locate the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the + referenced claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if + that is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more + + privileges than its parent process. This bool directly controls + if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this + container. If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the + node that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will\ + \ be applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to + root on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for + the containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root + user. + + If true, the Kubelet will validate the image at runtime to ensure + that it + + does not run as UID 0 (root) and fail to start the container if + it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both + SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in + a file on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any + other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will + be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be + used. + + RuntimeDefault - the container runtime default profile should + be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be + run as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and + non-HostProcess containers). + + In addition, if HostProcess is true then HostNetwork must also + be set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of + the container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + recommender: + properties: + cpuHistogramDecayHalfLife: + type: string + memoryAggregationInterval: + type: string + memoryAggregationIntervalCount: + format: int64 + type: integer + memoryHistogramDecayHalfLife: + type: string + required: + - cpuHistogramDecayHalfLife + - memoryAggregationInterval + - memoryAggregationIntervalCount + - memoryHistogramDecayHalfLife + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + storageAutoscaler: + properties: + prometheus: + properties: + address: + type: string + bearerToken: + type: string + caCert: + type: string + required: + - address + type: object + required: + - prometheus + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + updateInterval: + type: string + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object + required: + - apiserver + - enabled + - imagePullPolicy + - monitoring + - operator + - registryFQDN + - replicaCount + - serviceAccount + - waitfor + type: object + kubedb-catalog: + properties: + customVersions: + additionalProperties: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + enableVersions: + additionalProperties: + items: + type: string + type: array + type: object + enabled: + type: boolean + featureGates: + additionalProperties: + type: boolean + type: object + fullnameOverride: + type: string + nameOverride: + type: string + proxies: + properties: + appscode: + description: r.appscode.com + type: string + dockerHub: + description: company/bin:1.23 + type: string + dockerLibrary: + description: alpine, nginx etc. + type: string + ghcr: + description: ghcr.io + type: string + kubernetes: + description: registry.k8s.io + type: string + microsoft: + description: mcr.microsoft.com + type: string + quay: + description: quay.io + type: string + type: object + psp: + properties: + elasticsearch: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + enabled: + type: boolean + kafka: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + mariadb: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + memcached: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + mongodb: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + mysql: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + perconaxtradb: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + postgres: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + proxysql: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + redis: + properties: + allowPrivilegeEscalation: + type: boolean + privileged: + type: boolean + required: + - allowPrivilegeEscalation + - privileged + type: object + required: + - enabled + type: object + skipDeprecated: + type: boolean + required: + - customVersions + - enableVersions + - enabled + - featureGates + - psp + - skipDeprecated + type: object + kubedb-crd-manager: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + enabled: + type: boolean + featureGates: + additionalProperties: + type: boolean + type: object + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + removeUnusedCRDs: + type: boolean + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext holds security configuration that will be applied + to a container. + + Some fields are present in both SecurityContext and PodSecurityContext. When + both + + are set, the values in SecurityContext take precedence.' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + ttlSecondsAfterFinished: + type: integer + required: + - enabled + - featureGates + - image + - imagePullPolicy + - removeUnusedCRDs + - serviceAccount + - ttlSecondsAfterFinished + type: object + kubedb-gitops: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + enabled: + type: boolean + featureGates: + additionalProperties: + type: boolean + type: object + fullnameOverride: + type: string + image: + properties: + pullPolicy: + type: string + registry: + type: string + repository: + type: string + tag: + type: string + required: + - pullPolicy + - registry + - repository + - tag + type: object + imagePullSecrets: + items: + type: string + type: array + livenessProbe: + description: 'Probe describes a health check to be performed against a container + to determine whether it is + + alive or ready to receive traffic.' + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: 'Command is the command line to execute inside the container, + the working directory for the + + command is root (''/'') in the container''s filesystem. The command + is simply exec''d, it is + + not run inside a shell, so traditional shell instructions (''|'', + etc) won''t work. To use + + a shell, you need to explicitly call out to that shell. + + Exit status of 0 is treated as live/healthy and non-zero is unhealthy.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered + failed after having succeeded. + + Defaults to 3. Minimum value is 1.' + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must be in the + range 1 to 65535. + format: int32 + type: integer + service: + default: '' + description: 'Service is the name of the service to place in the gRPC + HealthCheckRequest + + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC.' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: 'Host name to connect to, defaults to the pod IP. You + probably want to set + + "Host" in httpHeaders instead.' + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes a custom header to be used in + HTTP probes + properties: + name: + description: 'The header field name. + + This will be canonicalized upon output, so case-variant names + will be understood as the same header.' + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Name or number of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + scheme: + description: 'Scheme to use for connecting to the host. + + Defaults to HTTP.' + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before + liveness probes are initiated. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: 'How often (in seconds) to perform the probe. + + Default to 10 seconds. Minimum value is 1.' + format: int32 + type: integer + successThreshold: + description: 'Minimum consecutive successes for the probe to be considered + successful after having failed. + + Defaults to 1. Must be 1 for liveness and startup. Minimum value is + 1.' + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: 'Optional duration in seconds the pod needs to terminate + gracefully upon probe failure. + + The grace period is the duration in seconds after the processes running + in the pod are sent + + a termination signal and the time when the processes are forcibly halted + with a kill signal. + + Set this value longer than the expected cleanup time for your process. + + If this value is nil, the pod''s terminationGracePeriodSeconds will + be used. Otherwise, this + + value overrides the value provided by the pod spec. + + Value must be non-negative integer. The value zero indicates stop immediately + via + + the kill signal (no opportunity to shut down). + + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. + + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.' + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times out. + + Defaults to 1 second. Minimum value is 1. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + readinessProbe: + description: 'Probe describes a health check to be performed against a container + to determine whether it is + + alive or ready to receive traffic.' + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: 'Command is the command line to execute inside the container, + the working directory for the + + command is root (''/'') in the container''s filesystem. The command + is simply exec''d, it is + + not run inside a shell, so traditional shell instructions (''|'', + etc) won''t work. To use + + a shell, you need to explicitly call out to that shell. + + Exit status of 0 is treated as live/healthy and non-zero is unhealthy.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered + failed after having succeeded. + + Defaults to 3. Minimum value is 1.' + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must be in the + range 1 to 65535. + format: int32 + type: integer + service: + default: '' + description: 'Service is the name of the service to place in the gRPC + HealthCheckRequest + + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC.' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: 'Host name to connect to, defaults to the pod IP. You + probably want to set + + "Host" in httpHeaders instead.' + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes a custom header to be used in + HTTP probes + properties: + name: + description: 'The header field name. + + This will be canonicalized upon output, so case-variant names + will be understood as the same header.' + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Name or number of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + scheme: + description: 'Scheme to use for connecting to the host. + + Defaults to HTTP.' + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before + liveness probes are initiated. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: 'How often (in seconds) to perform the probe. + + Default to 10 seconds. Minimum value is 1.' + format: int32 + type: integer + successThreshold: + description: 'Minimum consecutive successes for the probe to be considered + successful after having failed. + + Defaults to 1. Must be 1 for liveness and startup. Minimum value is + 1.' + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the container. + + Number must be in the range 1 to 65535. + + Name must be an IANA_SVC_NAME.' + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: 'Optional duration in seconds the pod needs to terminate + gracefully upon probe failure. + + The grace period is the duration in seconds after the processes running + in the pod are sent + + a termination signal and the time when the processes are forcibly halted + with a kill signal. + + Set this value longer than the expected cleanup time for your process. + + If this value is nil, the pod''s terminationGracePeriodSeconds will + be used. Otherwise, this + + value overrides the value provided by the pod spec. + + Value must be non-negative integer. The value zero indicates stop immediately + via + + the kill signal (no opportunity to shut down). + + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. + + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.' + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times out. + + Defaults to 1 second. Minimum value is 1. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext holds security configuration that will be applied + to a container. + + Some fields are present in both SecurityContext and PodSecurityContext. When + both + + are set, the values in SecurityContext take precedence.' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + service: + properties: + port: + type: integer + type: + type: string + required: + - port + - type + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + volumeMounts: + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: 'Path within the container at which the volume should be + mounted. Must + + not contain '':''.' + type: string + mountPropagation: + description: 'mountPropagation determines how mounts are propagated + from the host + + to container and the other way around. + + When not set, MountPropagationNone is used. + + This field is beta in 1.10. + + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation + must be None or unspecified + + (which defaults to None).' + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: 'Mounted read-only if true, read-write otherwise (false + or unspecified). + + Defaults to false.' + type: boolean + recursiveReadOnly: + description: 'RecursiveReadOnly specifies whether read-only mounts should + be handled + + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount + is not made + + recursively read-only. If this field is set to IfPossible, the mount + is made + + recursively read-only, if it is supported by the container runtime. If + this + + field is set to Enabled, the mount is made recursively read-only if + it is + + supported by the container runtime, otherwise the pod will not be + started and + + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must + be set to + + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of + Disabled.' + type: string + subPath: + description: 'Path within the volume from which the container''s volume + should be mounted. + + Defaults to "" (volume''s root).' + type: string + subPathExpr: + description: 'Expanded path within the volume from which the container''s + volume should be mounted. + + Behaves similarly to SubPath but environment variable references $(VAR_NAME) + are expanded using the container''s environment. + + Defaults to "" (volume''s root). + + SubPathExpr and SubPath are mutually exclusive.' + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + description: Volume represents a named volume in a pod that may be accessed + by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource that + is attached to a + + kubelet''s host machine and then exposed to the pod. + + Deprecated: AWSElasticBlockStore is deprecated. All operations for + the in-tree + + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI + driver. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume that you + want to mount. + + Tip: Ensure that the filesystem type is supported by the host + operating system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + partition: + description: 'partition is the partition in the volume that you + want to mount. + + If omitted, the default is to mount by volume name. + + Examples: For volume /dev/sda1, you specify the partition as "1". + + Similarly, the volume partition for /dev/sda is "0" (or you can + leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly setting + in VolumeMounts. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk resource + in AWS (Amazon EBS volume). + + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: 'azureDisk represents an Azure Data Disk mount on the host + and bind mount to the pod. + + Deprecated: AzureDisk is deprecated. All operations for the in-tree + azureDisk type + + are redirected to the disk.csi.azure.com CSI driver.' + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, Read Only, + Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob storage + type: string + fsType: + default: ext4 + description: 'fsType is Filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified.' + type: string + kind: + description: 'kind expected values are Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage account Managed: + azure managed data disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + default: false + description: 'readOnly Defaults to false (read/write). ReadOnly + here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: 'azureFile represents an Azure File Service mount on the + host and bind mount to the pod. + + Deprecated: AzureFile is deprecated. All operations for the in-tree + azureFile type + + are redirected to the file.csi.azure.com CSI driver.' + properties: + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretName: + description: secretName is the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: 'cephFS represents a Ceph FS mount on the host that shares + a pod''s lifetime. + + Deprecated: CephFS is deprecated and the in-tree cephfs type is no + longer supported.' + properties: + monitors: + description: 'monitors is Required: Monitors is a collection of + Ceph monitors + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force + + the ReadOnly setting in VolumeMounts. + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the path to + key ring for User, default is /etc/ceph/user.secret + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference to the + authentication secret for User, default is empty. + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, default + is admin + + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and mounted + on kubelets host machine. + + Deprecated: Cinder is deprecated. All operations for the in-tree cinder + type + + are redirected to the cinder.csi.openstack.org CSI driver. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force + + the ReadOnly setting in VolumeMounts. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret object containing + parameters used to connect + + to OpenStack.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate this + volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to set permissions + on created files by default. + + Must be an octal value between 0000 and 0777 or a decimal value + between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + Defaults to 0644. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: 'items if unspecified, each key-value pair in the Data + field of the referenced + + ConfigMap will be projected into the volume as a file whose name + is the + + key and content is the value. If specified, the listed keys will + be + + projected into the specified paths, and unlisted keys will not + be + + present. If a key is specified which is not present in the ConfigMap, + + the volume setup will error unless it is marked optional. Paths + must be + + relative and may not contain the ''..'' path or start with ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set permissions + on this file. + + Must be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that affect + the file + + mode, like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file to map + the key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers. + properties: + driver: + description: 'driver is the name of the CSI driver that handles + this volume. + + Consult with your admin for the correct name as registered in + the cluster.' + type: string + fsType: + description: 'fsType to mount. Ex. "ext4", "xfs", "ntfs". + + If not provided, the empty value is passed to the associated CSI + driver + + which will determine the default filesystem to apply.' + type: string + nodePublishSecretRef: + description: 'nodePublishSecretRef is a reference to the secret + object containing + + sensitive information to pass to the CSI driver to complete the + CSI + + NodePublishVolume and NodeUnpublishVolume calls. + + This field is optional, and may be empty if no secret is required. + If the + + secret object contains more than one secret, all secret references + are passed.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: 'readOnly specifies a read-only configuration for the + volume. + + Defaults to false (read/write).' + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: 'volumeAttributes stores driver-specific properties + that are passed to the CSI + + driver. Consult your driver''s documentation for supported values.' + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod that + should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. + Must be a + + Optional: mode bits used to set permissions on created files by + default. + + Must be an octal value between 0000 and 0777 or a decimal value + between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + Defaults to 0644. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, + labels, name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value + + between 0000 and 0777 or a decimal value between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that affect + the file + + mode, like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of + the file to be created. Must not be absolute or contain + the ''..'' path. Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests + + (limits.cpu, limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that shares + a pod''s lifetime. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium should + back this directory. + + The default is "" which means to use the node''s default medium. + + Must be an empty string (default) or Memory. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage required + for this EmptyDir volume. + + The size limit is also applicable for memory medium. + + The maximum usage on memory medium EmptyDir would be the minimum + value between + + the SizeLimit specified here and the sum of memory limits of all + containers in a pod. + + The default is nil which means that the limit is undefined. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster\ + \ storage driver.\nThe volume's lifecycle is tied to the pod that\ + \ defines it - it will be created before the pod starts,\nand deleted\ + \ when the pod is removed.\n\nUse this if:\na) the volume is only\ + \ needed while the pod runs,\nb) features of normal volumes like restoring\ + \ from snapshot or capacity\n tracking are needed,\nc) the storage\ + \ driver is specified through a storage class, and\nd) the storage\ + \ driver supports dynamic volume provisioning through\n a PersistentVolumeClaim\ + \ (see EphemeralVolumeSource for more\n information on the connection\ + \ between this volume type\n and PersistentVolumeClaim).\n\nUse\ + \ PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes\ + \ that persist for longer than the lifecycle\nof an individual pod.\n\ + \nUse CSI for light-weight local ephemeral volumes if the CSI driver\ + \ is meant to\nbe used that way - see the documentation of the driver\ + \ for\nmore information.\n\nA pod can use both types of ephemeral\ + \ volumes and\npersistent volumes at the same time." + properties: + volumeClaimTemplate: + description: 'Will be used to create a stand-alone PVC to provision + the volume. + + The pod in which this EphemeralVolumeSource is embedded will be + the + + owner of the PVC, i.e. the PVC will be deleted together with the + + pod. The name of the PVC will be `-` where + + `` is the name from the `PodSpec.Volumes` array + + entry. Pod validation will reject the pod if the concatenated + name + + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + + will *not* be used for the pod to avoid using an unrelated + + volume by mistake. Starting the pod is then blocked until + + the unrelated PVC is removed. If such a pre-created PVC is + + meant to be used by the pod, the PVC has to updated with an + + owner reference to the pod once the pod exists. Normally + + this should not be necessary, but it may be useful when + + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + + to the PVC after it has been created. + + + Required, must not be nil.' + properties: + metadata: + description: 'May contain labels and annotations that will be + copied into the PVC + + when creating it. No other fields are allowed and will be + rejected during + + validation.' + type: object + spec: + description: 'The specification for the PersistentVolumeClaim. + The entire content is + + copied unchanged into the PVC that gets created from this + + template. The same fields as in a PersistentVolumeClaim + + are also valid here.' + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field can be used to specify either: + + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + + * An existing PVC (PersistentVolumeClaim) + + If the provisioner or an external controller can support + the specified data source, + + it will create a new volume based on the contents of the + specified data source. + + When the AnyVolumeDataSource feature gate is enabled, + dataSource contents will be copied to dataSourceRef, + + and dataSourceRef contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + + If the namespace is specified, then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: 'APIGroup is the group for the resource + being referenced. + + If APIGroup is not specified, the specified Kind must + be in the core API group. + + For any other third-party types, APIGroup is required.' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: "dataSourceRef specifies the object from which\ + \ to populate the volume with data, if a non-empty\nvolume\ + \ is desired. This may be any object from a non-empty\ + \ API group (non\ncore object) or a PersistentVolumeClaim\ + \ object.\nWhen this field is specified, volume binding\ + \ will only succeed if the type of\nthe specified object\ + \ matches some installed volume populator or dynamic\n\ + provisioner.\nThis field will replace the functionality\ + \ of the dataSource field and as such\nif both fields\ + \ are non-empty, they must have the same value. For backwards\n\ + compatibility, when namespace isn't specified in dataSourceRef,\n\ + both fields (dataSource and dataSourceRef) will be set\ + \ to the same\nvalue automatically if one of them is empty\ + \ and the other is non-empty.\nWhen namespace is specified\ + \ in dataSourceRef,\ndataSource isn't set to the same\ + \ value and must be empty.\nThere are three important\ + \ differences between dataSource and dataSourceRef:\n\ + * While dataSource only allows two specific types of objects,\ + \ dataSourceRef\n allows any non-core object, as well\ + \ as PersistentVolumeClaim objects.\n* While dataSource\ + \ ignores disallowed values (dropping them), dataSourceRef\n\ + \ preserves all values, and generates an error if a disallowed\ + \ value is\n specified.\n* While dataSource only allows\ + \ local objects, dataSourceRef allows objects\n in any\ + \ namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource\ + \ feature gate to be enabled.\n(Alpha) Using the namespace\ + \ field of dataSourceRef requires the CrossNamespaceVolumeDataSource\ + \ feature gate to be enabled." + properties: + apiGroup: + description: 'APIGroup is the group for the resource + being referenced. + + If APIGroup is not specified, the specified Kind must + be in the core API group. + + For any other third-party types, APIGroup is required.' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: 'Namespace is the namespace of resource + being referenced + + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace to allow + that namespace''s owner to accept the reference. See + the ReferenceGrant documentation for details. + + (Alpha) This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. + + If RecoverVolumeExpansionFailure feature is enabled users + are allowed to specify resource requirements + + that are lower than previous value but must still be higher + than capacity recorded in the + + status field of the claim. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. + + If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, + + otherwise to an implementation-defined value. Requests + cannot exceed Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName may be used to set + the VolumeAttributesClass used by this claim. + + If specified, the CSI driver will create or update the + volume with the attributes defined + + in the corresponding VolumeAttributesClass. This has a + different purpose than storageClassName, + + it can be changed after the claim is created. An empty + string value means that no VolumeAttributesClass + + will be applied to the claim but it''s not allowed to + reset this field to empty string once it is set. + + If unspecified and the PersistentVolumeClaim is unbound, + the default VolumeAttributesClass + + will be set by the persistentvolume controller if it exists. + + If the resource referred to by volumeAttributesClass does + not exist, this PersistentVolumeClaim will be + + set to a Pending state, as reflected by the modifyVolumeStatus + field, until such as a resource + + exists. + + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + + (Beta) Using this field requires the VolumeAttributesClass + feature gate to be enabled (off by default).' + type: string + volumeMode: + description: 'volumeMode defines what type of volume is + required by the claim. + + Value of Filesystem is implied when not included in claim + spec.' + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified.' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide names + (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC volume world wide identifiers (wwids) + + Either wwids or combination of targetWWNs and lun must be set, + but not both simultaneously.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: 'flexVolume represents a generic volume resource that is + + provisioned/attached using an exec based plugin. + + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.' + properties: + driver: + description: driver is the name of the driver to use for this volume. + type: string + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume + script.' + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra command + options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference to the + secret object containing + + sensitive information to pass to the plugin scripts. This may + be + + empty if no secret object is specified. If the secret object + + contains more than one secret, all secrets are passed to the plugin + + scripts.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: 'flocker represents a Flocker volume attached to a kubelet''s + host machine. This depends on the Flocker control service being running. + + Deprecated: Flocker is deprecated and the in-tree flocker type is + no longer supported.' + properties: + datasetName: + description: 'datasetName is Name of the dataset stored as metadata + -> name on the dataset for Flocker + + should be considered as deprecated' + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This is unique + identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource that + is attached to a + + kubelet''s host machine and then exposed to the pod. + + Deprecated: GCEPersistentDisk is deprecated. All operations for the + in-tree + + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io + CSI driver. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that you want + to mount. + + Tip: Ensure that the filesystem type is supported by the host + operating system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + partition: + description: 'partition is the partition in the volume that you + want to mount. + + If omitted, the default is to mount by volume name. + + Examples: For volume /dev/sda1, you specify the partition as "1". + + Similarly, the volume partition for /dev/sda is "0" (or you can + leave the property empty). + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in GCE. Used + to identify the disk in GCE. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. + + Defaults to false. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular revision. + + Deprecated: GitRepo is deprecated. To provision a container with a + git repo, mount an + + EmptyDir into an InitContainer that clones the repo using git, then + mount the EmptyDir + + into the Pod''s container.' + properties: + directory: + description: 'directory is the target directory name. + + Must not contain or start with ''..''. If ''.'' is supplied, + the volume directory will be the + + git repository. Otherwise, if specified, the volume will contain + the git repository in + + the subdirectory with the given name.' + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the host that + shares a pod''s lifetime. + + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type + is no longer supported. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details Glusterfs + topology. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume to be + mounted with read-only permissions. + + Defaults to false. + + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory on + the host + + machine that is directly exposed to the container. This is generally + + used for system agents or other privileged things that are allowed + + to see the host machine. Most containers will NOT need this. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + properties: + path: + description: 'path of the directory on the host. + + If the path is a symlink, it will follow the link to the real + path. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume + + Defaults to "" + + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + image: + description: 'image represents an OCI object (a container image or artifact) + pulled and mounted on the kubelet''s host machine. + + The volume is resolved at pod startup depending on which PullPolicy + value is provided: + + + - Always: the kubelet always attempts to pull the reference. Container + creation will fail If the pull fails. + + - Never: the kubelet never pulls the reference and only uses a local + image or artifact. Container creation will fail if the reference isn''t + present. + + - IfNotPresent: the kubelet pulls if the reference isn''t already + present on disk. Container creation will fail if the reference isn''t + present and the pull fails. + + + The volume gets re-resolved if the pod gets deleted and recreated, + which means that new remote content will become available on pod recreation. + + A failure to resolve or pull the image during pod startup will block + containers from starting and may add significant latency. Failures + will be retried using normal volume backoff and will be reported on + the pod reason and message. + + The types of objects that may be mounted by this volume are defined + by the container runtime implementation on a host machine and at minimum + must include all valid types supported by the container image field. + + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) + by merging the manifest layers in the same way as for container images. + + The volume will be mounted read-only (ro) and non-executable files + (noexec). + + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + + The field spec.securityContext.fsGroupChangePolicy has no effect on + this volume type.' + properties: + pullPolicy: + description: 'Policy for pulling OCI objects. Possible values are: + + Always: the kubelet always attempts to pull the reference. Container + creation will fail If the pull fails. + + Never: the kubelet never pulls the reference and only uses a local + image or artifact. Container creation will fail if the reference + isn''t present. + + IfNotPresent: the kubelet pulls if the reference isn''t already + present on disk. Container creation will fail if the reference + isn''t present and the pull fails. + + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise.' + type: string + reference: + description: 'Required: Image or artifact reference to be used. + + Behaves in the same way as pod.spec.containers[*].image. + + Pull secrets will be assembled in the same way as for the container + image by looking up node credentials, SA image pull secrets, and + pod spec image pull secrets. + + More info: https://kubernetes.io/docs/concepts/containers/images + + This field is optional to allow higher level config management + to default or override + + container images in workload controllers like Deployments and + StatefulSets.' + type: string + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is attached + to a + + kubelet''s host machine and then exposed to the pod. + + More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI Session + CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume that you + want to mount. + + Tip: Ensure that the filesystem type is supported by the host + operating system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi' + type: string + initiatorName: + description: 'initiatorName is the custom iSCSI Initiator Name. + + If initiatorName is specified with iscsiInterface simultaneously, + new iSCSI interface + + : will be created for the connection.' + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: 'iscsiInterface is the interface Name that uses an + iSCSI transport. + + Defaults to ''default'' (tcp).' + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: 'portals is the iSCSI Target Portal List. The portal + is either an IP or ip_addr:port if the port + + is other than default (typically TCP ports 860 and 3260).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. + + Defaults to false.' + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: 'targetPortal is iSCSI Target Portal. The Portal is + either an IP or ip_addr:port if the port + + is other than default (typically TCP ports 860 and 3260).' + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. + + Must be a DNS_LABEL and unique within the pod. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares a + pod''s lifetime + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to be mounted + with read-only permissions. + + Defaults to false. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the NFS server. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a reference + to a + + PersistentVolumeClaim in the same namespace. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim in + the same namespace as the pod using this volume. + + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: 'readOnly Will force the ReadOnly setting in VolumeMounts. + + Default false.' + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: 'photonPersistentDisk represents a PhotonController persistent + disk attached and mounted on kubelets host machine. + + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk + type is no longer supported.' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified.' + type: string + pdID: + description: pdID is the ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: 'portworxVolume represents a portworx volume attached and + mounted on kubelets host machine. + + Deprecated: PortworxVolume is deprecated. All operations for the in-tree + portworxVolume type + + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx + feature-gate + + is on.' + properties: + fsType: + description: 'fSType represents the filesystem type to mount + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: 'defaultMode are the mode bits used to set permissions + on created files by default. + + Must be an octal value between 0000 and 0777 or a decimal value + between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values for mode bits. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + sources: + description: 'sources is the list of volume projections. Each entry + in this list + + handles one source.' + items: + description: 'Projection that may be projected along with other + supported volume types. + + Exactly one of these fields must be set.' + properties: + clusterTrustBundle: + description: 'ClusterTrustBundle allows a pod to access the + `.spec.trustBundle` field + + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature + gate. + + + ClusterTrustBundle objects can either be selected by name, + or by the + + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents + written + + into the pod filesystem. Esoteric PEM features such as + inter-block + + comments and block headers are stripped. Certificates are + deduplicated. + + The ordering of certificates within the file is arbitrary, + and Kubelet + + may change the order over time.' + properties: + labelSelector: + description: 'Select all ClusterTrustBundles that match + this label selector. Only has + + effect if signerName is set. Mutually-exclusive with + name. If unset, + + interpreted as "match nothing". If set but empty, interpreted + as "match + + everything".' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a + selector that contains values, a key, and an operator + that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and + DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the + operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: 'Select a single ClusterTrustBundle by object + name. Mutually-exclusive + + with signerName and labelSelector.' + type: string + optional: + description: 'If true, don''t block pod startup if the + referenced ClusterTrustBundle(s) + + aren''t available. If using name, then the named ClusterTrustBundle + is + + allowed not to exist. If using signerName, then the + combination of + + signerName and labelSelector is allowed to match zero + + ClusterTrustBundles.' + type: boolean + path: + description: Relative path from the volume root to write + the bundle. + type: string + signerName: + description: 'Select all ClusterTrustBundles that match + this signer name. + + Mutually-exclusive with name. The contents of all selected + + ClusterTrustBundles will be unified and deduplicated.' + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap data + to project + properties: + items: + description: 'items if unspecified, each key-value pair + in the Data field of the referenced + + ConfigMap will be projected into the volume as a file + whose name is the + + key and content is the value. If specified, the listed + keys will be + + projected into the specified paths, and unlisted keys + will not be + + present. If a key is specified which is not present + in the ConfigMap, + + the volume setup will error unless it is marked optional. + Paths must be + + relative and may not contain the ''..'' path or start + with ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. + + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. + + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. + + If not specified, the volume defaultMode will + be used. + + This might be in conflict with other options that + affect the file + + mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file + to map the key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards + compatibility is + + allowed to be empty. Instances of this type with an + empty value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value + + between 0000 and 0777 or a decimal value between + 0 and 511. + + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. + + If not specified, the volume defaultMode will + be used. + + This might be in conflict with other options that + affect the file + + mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests + + (limits.cpu, limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data to project + properties: + items: + description: 'items if unspecified, each key-value pair + in the Data field of the referenced + + Secret will be projected into the volume as a file whose + name is the + + key and content is the value. If specified, the listed + keys will be + + projected into the specified paths, and unlisted keys + will not be + + present. If a key is specified which is not present + in the Secret, + + the volume setup will error unless it is marked optional. + Paths must be + + relative and may not contain the ''..'' path or start + with ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. + + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. + + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. + + If not specified, the volume defaultMode will + be used. + + This might be in conflict with other options that + affect the file + + mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file + to map the key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards + compatibility is + + allowed to be empty. Instances of this type with an + empty value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional field specify whether the Secret + or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the + serviceAccountToken data to project + properties: + audience: + description: 'audience is the intended audience of the + token. A recipient of a token + + must identify itself with an identifier specified in + the audience of the + + token, and otherwise should reject the token. The audience + defaults to the + + identifier of the apiserver.' + type: string + expirationSeconds: + description: 'expirationSeconds is the requested duration + of validity of the service + + account token. As the token approaches expiration, the + kubelet volume + + plugin will proactively rotate the service account token. + The kubelet will + + start trying to rotate the token if the token is older + than 80 percent of + + its time to live or if the token is older than 24 hours.Defaults + to 1 hour + + and must be at least 10 minutes.' + format: int64 + type: integer + path: + description: 'path is the path relative to the mount point + of the file to project the + + token into.' + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: 'quobyte represents a Quobyte mount on the host that shares + a pod''s lifetime. + + Deprecated: Quobyte is deprecated and the in-tree quobyte type is + no longer supported.' + properties: + group: + description: 'group to map volume access to + + Default is no group' + type: string + readOnly: + description: 'readOnly here will force the Quobyte volume to be + mounted with read-only permissions. + + Defaults to false.' + type: boolean + registry: + description: 'registry represents a single or multiple Quobyte Registry + services + + specified as a string as host:port pair (multiple entries are + separated with commas) + + which acts as the central registry for volumes' + type: string + tenant: + description: 'tenant owning the given Quobyte volume in the Backend + + Used with dynamically provisioned Quobyte volumes, value is set + by the plugin' + type: string + user: + description: 'user to map volume access to + + Defaults to serivceaccount user' + type: string + volume: + description: volume is a string that references an already created + Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the host + that shares a pod''s lifetime. + + Deprecated: RBD is deprecated and the in-tree rbd type is no longer + supported. + + More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume that you + want to mount. + + Tip: Ensure that the filesystem type is supported by the host + operating system. + + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd' + type: string + image: + description: 'image is the rados image name. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + default: /etc/ceph/keyring + description: 'keyring is the path to key ring for RBDUser. + + Default is /etc/ceph/keyring. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: 'pool is the rados pool name. + + Default is rbd. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. + + Defaults to false. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret for + RBDUser. If provided + + overrides keyring. + + Default is nil. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: 'user is the rados user name. + + Default is admin. + + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: 'scaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is + no longer supported.' + properties: + fsType: + default: xfs + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". + + Default is "xfs".' + type: string + gateway: + description: gateway is the host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: 'readOnly Defaults to false (read/write). ReadOnly + here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef references to the secret for ScaleIO user + and other + + sensitive information. If this is not provided, Login operation + will fail.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: 'storageMode indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. + + Default is ThinProvisioned.' + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: 'volumeName is the name of a volume already created + in the ScaleIO system + + that is associated with this volume source.' + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate this volume. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to set permissions + on created files by default. + + Must be an octal value between 0000 and 0777 or a decimal value + between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires decimal + values + + for mode bits. Defaults to 0644. + + Directories within the path are not affected by this setting. + + This might be in conflict with other options that affect the file + + mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: 'items If unspecified, each key-value pair in the Data + field of the referenced + + Secret will be projected into the volume as a file whose name + is the + + key and content is the value. If specified, the listed keys will + be + + projected into the specified paths, and unlisted keys will not + be + + present. If a key is specified which is not present in the Secret, + + the volume setup will error unless it is marked optional. Paths + must be + + relative and may not contain the ''..'' path or start with ''..''.' + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set permissions + on this file. + + Must be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. + + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. + + If not specified, the volume defaultMode will be used. + + This might be in conflict with other options that affect + the file + + mode, like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'path is the relative path of the file to map + the key to. + + May not be an absolute path. + + May not contain the path element ''..''. + + May not start with the string ''..''.' + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the pod''s + namespace to use. + + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: 'storageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + + Deprecated: StorageOS is deprecated and the in-tree storageos type + is no longer supported.' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified.' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force + + the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef specifies the secret to use for obtaining + the StorageOS API + + credentials. If not specified, default values will be attempted.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: 'volumeName is the human-readable name of the StorageOS + volume. Volume + + names are only unique within a namespace.' + type: string + volumeNamespace: + description: 'volumeNamespace specifies the scope of the volume + within StorageOS. If no + + namespace is specified then the Pod''s namespace will be used. This + allows the + + Kubernetes name scoping to be mirrored within StorageOS for tighter + integration. + + Set VolumeName to any name to override the default behaviour. + + Set to "default" if you are not using namespaces within StorageOS. + + Namespaces that do not pre-exist within StorageOS will be created.' + type: string + type: object + vsphereVolume: + description: 'vsphereVolume represents a vSphere volume attached and + mounted on kubelets host machine. + + Deprecated: VsphereVolume is deprecated. All operations for the in-tree + vsphereVolume type + + are redirected to the csi.vsphere.vmware.com CSI driver.' + properties: + fsType: + description: 'fsType is filesystem type to mount. + + Must be a filesystem type supported by the host operating system. + + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified.' + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based Management + (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based Management + (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere volume + vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - enabled + - featureGates + - image + - replicaCount + - service + - serviceAccount + - volumeMounts + - volumes + type: object + kubedb-kubestash-catalog: + properties: + druid: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + elasticsearch: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + enabled: + type: boolean + featureGates: + additionalProperties: + type: boolean + type: object + kubedbmanifest: + properties: + enabled: + type: boolean + required: + - enabled + type: object + kubedbverifier: + properties: + enabled: + type: boolean + required: + - enabled + type: object + mariadb: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + mongodb: + description: KubestashMongodbSpec is the schema for KubeStash MongoDB values + file + properties: + backup: + properties: + args: + type: string + type: object + maxConcurrency: + format: int32 + type: integer + restore: + properties: + args: + type: string + type: object + required: + - backup + - maxConcurrency + - restore + type: object + mssqlserver: + description: KubestashMongodbSpec is the schema for KubeStash MongoDB values + file + properties: + backup: + properties: + args: + type: string + type: object + maxConcurrency: + format: int32 + type: integer + restore: + properties: + args: + type: string + type: object + required: + - backup + - maxConcurrency + - restore + type: object + mysql: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + opensearch: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + postgres: + description: KubestashPostgresSpec is the schema for KubeStash Postgres values + file + properties: + backup: + properties: + args: + type: string + cmd: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + proxies: + properties: + appscode: + description: r.appscode.com + type: string + dockerHub: + description: company/bin:1.23 + type: string + dockerLibrary: + description: alpine, nginx etc. + type: string + ghcr: + description: ghcr.io + type: string + kubernetes: + description: registry.k8s.io + type: string + microsoft: + description: mcr.microsoft.com + type: string + quay: + description: quay.io + type: string + type: object + redis: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + singlestore: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + waitTimeout: + format: int64 + type: integer + zookeeper: + description: KubestashDatabaseSpec is the schema for DB values file + properties: + backup: + properties: + args: + type: string + type: object + restore: + properties: + args: + type: string + type: object + required: + - backup + - restore + type: object + required: + - druid + - elasticsearch + - enabled + - featureGates + - kubedbmanifest + - kubedbverifier + - mariadb + - mongodb + - mssqlserver + - mysql + - opensearch + - postgres + - redis + - singlestore + - waitTimeout + - zookeeper + type: object + kubedb-metrics: + properties: + enabled: + type: boolean + required: + - enabled + type: object + kubedb-ops-manager: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + enabled: + type: boolean + env: + description: 'List of environment variables to set in the container. + + Cannot be updated.' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + + using the previously defined environment variables in the container + and + + any service environment variables. If a variable cannot be resolved, + + the reference in the input string will be unchanged. Double $$ are + reduced + + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + + Escaped references will never be expanded, regardless of whether the + variable + + exists or not. + + Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be + used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests + + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) are currently + supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: 'List of sources to populate environment variables in the container. + + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + + will be reported as an event when the container is starting. When a key + exists in multiple + + sources, the value associated with the last source will take precedence. + + Values defined by an Env with a duplicate key will take precedence. + + Cannot be updated.' + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you + locate the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + insecureRegistries: + items: + type: string + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the + referenced claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if + that is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more + + privileges than its parent process. This bool directly controls + if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this + container. If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the + node that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will\ + \ be applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to + root on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for + the containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root + user. + + If true, the Kubelet will validate the image at runtime to ensure + that it + + does not run as UID 0 (root) and fail to start the container if + it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both + SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in + a file on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any + other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will + be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be + used. + + RuntimeDefault - the container runtime default profile should + be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be + run as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and + non-HostProcess containers). + + In addition, if HostProcess is true then HostNetwork must also + be set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of + the container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + psp: + properties: + enabled: + type: boolean + required: + - enabled + type: object + recommendationEngine: + properties: + genRotateTLSRecommendationBeforeExpiryDay: + type: integer + genRotateTLSRecommendationBeforeExpiryMonth: + type: integer + genRotateTLSRecommendationBeforeExpiryYear: + type: integer + recommendationResyncPeriod: + type: string + required: + - genRotateTLSRecommendationBeforeExpiryDay + - genRotateTLSRecommendationBeforeExpiryMonth + - genRotateTLSRecommendationBeforeExpiryYear + - recommendationResyncPeriod + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object + required: + - apiserver + - enabled + - imagePullPolicy + - insecureRegistries + - monitoring + - operator + - psp + - registryFQDN + - replicaCount + - serviceAccount + - waitfor + type: object + kubedb-provisioner: + properties: + additionalPodSecurityPolicies: + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + enabled: + type: boolean + enforceTerminationPolicy: + type: boolean + env: + description: 'List of environment variables to set in the container. + + Cannot be updated.' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + + using the previously defined environment variables in the container + and + + any service environment variables. If a variable cannot be resolved, + + the reference in the input string will be unchanged. Double $$ are + reduced + + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + + Escaped references will never be expanded, regardless of whether the + variable + + exists or not. + + Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be + used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests + + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) are currently + supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: 'List of sources to populate environment variables in the container. + + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + + will be reported as an event when the container is starting. When a key + exists in multiple + + sources, the value associated with the last source will take precedence. + + Values defined by an Env with a duplicate key will take precedence. + + Cannot be updated.' + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you + locate the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + insecureRegistries: + items: + type: string + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the + referenced claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if + that is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more + + privileges than its parent process. This bool directly controls + if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this + container. If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the + node that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will\ + \ be applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to + root on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for + the containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root + user. + + If true, the Kubelet will validate the image at runtime to ensure + that it + + does not run as UID 0 (root) and fail to start the container if + it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both + SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in + a file on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any + other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will + be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be + used. + + RuntimeDefault - the container runtime default profile should + be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be + run as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and + non-HostProcess containers). + + In addition, if HostProcess is true then HostNetwork must also + be set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of + the container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + psp: + properties: + enabled: + type: boolean + required: + - enabled + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object + required: + - apiserver + - enabled + - imagePullPolicy + - insecureRegistries + - monitoring + - operator + - psp + - registryFQDN + - replicaCount + - serviceAccount + - waitfor + type: object + kubedb-schema-manager: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + probePort: + type: integer + required: + - probePort + type: object + useKubeapiserverFqdnForAks: + type: boolean + required: + - healthcheck + - useKubeapiserverFqdnForAks + type: object + criticalAddon: + type: boolean + enabled: + type: boolean + enforceTerminationPolicy: + type: boolean + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you + locate the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + license: + type: string + licenseSecretName: + type: string + logLevel: + format: int32 + type: integer + maxConcurrentReconciles: + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + bindPort: + type: integer + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - bindPort + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the + referenced claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if + that is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more + + privileges than its parent process. This bool directly controls + if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this + container. If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the + node that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will\ + \ be applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to + root on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for + the containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root + user. + + If true, the Kubelet will validate the image at runtime to ensure + that it + + does not run as UID 0 (root) and fail to start the container if + it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both + SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in + a file on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any + other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will + be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be + used. + + RuntimeDefault - the container runtime default profile should + be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be + run as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and + non-HostProcess containers). + + In addition, if HostProcess is true then HostNetwork must also + be set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of + the container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + waitfor: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object + required: + - apiserver + - enabled + - imagePullPolicy + - monitoring + - operator + - registryFQDN + - replicaCount + - serviceAccount + - waitfor + type: object + kubedb-webhook-server: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + ca: + type: string + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + groupPriorityMinimum: + format: int32 + type: integer + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + useKubeapiserverFqdnForAks: + type: boolean + versionPriority: + format: int32 + type: integer + webhook: + properties: + failurePolicy: + type: string + required: + - failurePolicy + type: object + required: + - ca + - enableMutatingWebhook + - enableValidatingWebhook + - groupPriorityMinimum + - healthcheck + - servingCerts + - useKubeapiserverFqdnForAks + - versionPriority + - webhook + type: object + criticalAddon: + type: boolean + defaultSeccompProfileType: + type: string + enabled: + type: boolean + featureGates: + additionalProperties: + type: boolean + type: object + fullnameOverride: + type: string + hostNetwork: + type: boolean + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + server: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the + referenced claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if + that is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more + + privileges than its parent process. This bool directly controls + if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this + container. If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the + node that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will\ + \ be applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to + root on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for + the containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root + user. + + If true, the Kubelet will validate the image at runtime to ensure + that it + + does not run as UID 0 (root) and fail to start the container if + it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both + SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in + a file on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any + other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will + be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be + used. + + RuntimeDefault - the container runtime default profile should + be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be + run as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and + non-HostProcess containers). + + In addition, if HostProcess is true then HostNetwork must also + be set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of + the container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + required: + - apiserver + - enabled + - featureGates + - hostNetwork + - imagePullPolicy + - monitoring + - registryFQDN + - replicaCount + - server + - serviceAccount + type: object + operator-shard-manager: + properties: + enabled: + type: boolean + required: + - enabled + type: object + petset: + properties: + enabled: + type: boolean + required: + - enabled + type: object + sidekick: + properties: + enabled: + type: boolean + required: + - enabled + type: object + supervisor: + properties: + enabled: + type: boolean + required: + - enabled + type: object +required: +- global +type: object diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/values.yaml b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/values.yaml similarity index 94% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/values.yaml rename to kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/values.yaml index b2d9455..e37b2c6 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/values.yaml +++ b/kustomize/kubedb/base/charts/kubedb-v2025.3.24/kubedb/values.yaml @@ -92,6 +92,9 @@ global: petset: # If enabled, installs the petset chart enabled: true +operator-shard-manager: + # If enabled, installs the operator-shard-manager chart + enabled: false sidekick: # If enabled, installs the sidekick chart enabled: true @@ -125,6 +128,9 @@ kubedb-catalog: kubedb-kubestash-catalog: # If enabled, installs the kubedb-kubestash-catalog chart enabled: true +kubedb-gitops: + # If enabled, installs the kubedb-gitops chart + enabled: false ace-user-roles: # If enabled, installs the ace-user-roles chart enabled: true @@ -133,11 +139,13 @@ ace-user-roles: appcatalog: true catalog: false cert-manager: false - kubedb: true kubedb-ui: false + kubedb: true kubestash: false kubevault: false license-proxyserver: true metrics: true prometheus: false + secrets-store: false stash: false + virtual-secrets: false diff --git a/kustomize/kubedb/base/kustomization.yaml b/kustomize/kubedb/base/kustomization.yaml index 4da54e6..4a51034 100644 --- a/kustomize/kubedb/base/kustomization.yaml +++ b/kustomize/kubedb/base/kustomization.yaml @@ -12,5 +12,5 @@ helmCharts: enabled: false releaseName: kubedb namespace: kubedb - version: v2025.2.19 + version: v2025.3.24 repo: oci://ghcr.io/appscode-charts diff --git a/kustomize/kubeops/base/charts/ace-user-roles-v2025.3.14/ace-user-roles/templates/NOTES.txt b/kustomize/kubeops/base/charts/ace-user-roles-v2025.3.14/ace-user-roles/templates/NOTES.txt index b6389aa..e69de29 100644 --- a/kustomize/kubeops/base/charts/ace-user-roles-v2025.3.14/ace-user-roles/templates/NOTES.txt +++ b/kustomize/kubeops/base/charts/ace-user-roles-v2025.3.14/ace-user-roles/templates/NOTES.txt @@ -1,3 +0,0 @@ -To verify that UI Server has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ace-user-roles.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/.helmignore b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/.helmignore similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/.helmignore rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/.helmignore diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/Chart.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/Chart.yaml similarity index 90% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/Chart.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/Chart.yaml index 71c83e7..0dfc3a2 100644 --- a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/Chart.yaml +++ b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v0.0.20 +appVersion: v0.0.21 description: Kubernetes license-proxyserver by AppsCode home: https://github.com/appscode-cloud/license-proxyserver icon: https://cdn.appscode.com/images/products/searchlight/icons/android-icon-192x192.png @@ -9,4 +9,4 @@ maintainers: name: license-proxyserver sources: - https://github.com/appscode-cloud/license-proxyserver -version: v2025.1.17 +version: v2025.3.14 diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/README.md b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/README.md similarity index 99% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/README.md rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/README.md index cb50bfa..c17530c 100644 --- a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/README.md +++ b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable $ helm repo update -$ helm search repo appscode/license-proxyserver --version=v2025.1.17 -$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.1.17 +$ helm search repo appscode/license-proxyserver --version=v2025.3.14 +$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.3.14 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a Kubernetes license proxyserver on a [Kubernetes](http://kub To install/upgrade the chart with the release name `license-proxyserver`: ```bash -$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.1.17 +$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.3.14 ``` The command deploys a Kubernetes license proxyserver on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -95,12 +95,12 @@ The following table lists the configurable parameters of the `license-proxyserve Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.1.17 --set replicaCount=1 +$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.3.14 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.1.17 --values values.yaml +$ helm upgrade -i license-proxyserver appscode/license-proxyserver -n kubeops --create-namespace --version=v2025.3.14 --values values.yaml ``` diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/ci/ci-values.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/ci/ci-values.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/ci/ci-values.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/ci/ci-values.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/crds/monitoring.coreos.com_servicemonitors.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/crds/monitoring.coreos.com_servicemonitors.yaml similarity index 99% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/crds/monitoring.coreos.com_servicemonitors.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/crds/monitoring.coreos.com_servicemonitors.yaml index c39b121..3d9e651 100644 --- a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/crds/monitoring.coreos.com_servicemonitors.yaml +++ b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/crds/monitoring.coreos.com_servicemonitors.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 - operator.prometheus.io/version: 0.80.0 + controller-gen.kubebuilder.io/version: v0.17.2 + operator.prometheus.io/version: 0.81.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/doc.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/doc.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/doc.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/doc.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/NOTES.txt b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/NOTES.txt similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/NOTES.txt rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/NOTES.txt diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/_helpers.tpl b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/_helpers.tpl similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/_helpers.tpl rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/_helpers.tpl diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/apiregistration.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/apiregistration.yaml similarity index 97% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/apiregistration.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/apiregistration.yaml index 8f5dca4..7f00ca3 100644 --- a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/apiregistration.yaml +++ b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/apiregistration.yaml @@ -49,7 +49,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "license-proxyserver.fullname" . }}-apiserver-auth-delegator + name: {{ include "license-proxyserver.fullname" . }}-auth-delegator labels: {{- include "license-proxyserver.labels" . | nindent 4 }} roleRef: diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/cluster-role-binding.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/cluster-role-binding.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/cluster-role-binding.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/cluster-role-binding.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/cluster-role.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/cluster-role.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/cluster-role.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/cluster-role.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/deployment.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/deployment.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/deployment.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/deployment.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/licenses.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/licenses.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/licenses.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/licenses.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/platform-auth.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/platform-auth.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/platform-auth.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/platform-auth.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/service.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/service.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/service.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/service.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/serviceaccount.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/serviceaccount.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/serviceaccount.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/serviceaccount.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/servicemonitor.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/servicemonitor.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/servicemonitor.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/servicemonitor.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/token.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/token.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/templates/token.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/templates/token.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/values.openapiv3_schema.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/values.openapiv3_schema.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/values.openapiv3_schema.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/values.openapiv3_schema.yaml diff --git a/kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/values.yaml b/kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/values.yaml similarity index 100% rename from kustomize/kubeops/base/charts/license-proxyserver-v2025.1.17/license-proxyserver/values.yaml rename to kustomize/kubeops/base/charts/license-proxyserver-v2025.3.14/license-proxyserver/values.yaml diff --git a/kustomize/kubeops/base/kustomization.yaml b/kustomize/kubeops/base/kustomization.yaml index 259c160..d286365 100644 --- a/kustomize/kubeops/base/kustomization.yaml +++ b/kustomize/kubeops/base/kustomization.yaml @@ -13,7 +13,7 @@ helmCharts: token: '****************************************' releaseName: license-proxyserver namespace: kubeops - version: v2025.1.17 + version: v2025.3.14 repo: oci://ghcr.io/appscode-charts - name: ace-user-roles diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/NOTES.txt b/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/NOTES.txt deleted file mode 100644 index b6389aa..0000000 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that UI Server has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ace-user-roles.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/auth_proxy.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/auth_proxy.yaml deleted file mode 100644 index 4662281..0000000 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/auth_proxy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "kubestash-operator.fullname" . }}-auth-proxy -rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "kubestash-operator.fullname" . }}-auth-proxy -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "kubestash-operator.fullname" . }}-auth-proxy -subjects: - - kind: ServiceAccount - name: {{ include "kubestash-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - -{{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/metrics_reader.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/metrics_reader.yaml deleted file mode 100644 index 5e7503d..0000000 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/metrics_reader.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "kubestash-operator.fullname" . }}-metrics-reader -rules: - - nonResourceURLs: - - /metrics - verbs: - - get diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/cert.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/cert.yaml deleted file mode 100644 index 88bff06..0000000 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/cert.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- $caCrt := "" }} -{{- $serverCrt := "" }} -{{- $serverKey := "" }} -{{- if .Values.apiserver.servingCerts.generate }} -{{- $ca := genCA "ca" 3650 }} -{{- $cn := include "kubestash-operator.webhookServiceName" . -}} -{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} -{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} -{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} -{{- $caCrt = b64enc $ca.Cert }} -{{- $serverCrt = b64enc $server.Cert }} -{{- $serverKey = b64enc $server.Key }} -{{- else }} -{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }} -{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} -{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} -{{- end }} -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "kubestash-operator.fullname" . }}-webhook-cert - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubestash-operator.labels" . | nindent 4 }} -type: Opaque -data: - ca.crt: {{ $caCrt }} - tls.crt: {{ $serverCrt }} - tls.key: {{ $serverKey }} -{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/webhook_service.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/webhook_service.yaml deleted file mode 100644 index 213d339..0000000 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/webhook_service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kubestash-operator.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubestash-operator.labels" . | nindent 4 }} -spec: - selector: - {{- include "kubestash-operator.selectorLabels" . | nindent 4 }} - component: webhook-server - ports: - - port: 443 - protocol: TCP - targetPort: 9443 -{{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/values.openapiv3_schema.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/values.openapiv3_schema.yaml deleted file mode 100644 index ce84342..0000000 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/values.openapiv3_schema.yaml +++ /dev/null @@ -1,3038 +0,0 @@ -properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are - ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the - corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - bypassValidatingWebhookXray: - type: boolean - ca: - type: string - enableMutatingWebhook: - type: boolean - enableValidatingWebhook: - type: boolean - groupPriorityMinimum: - format: int32 - type: integer - healthcheck: - properties: - enabled: - type: boolean - type: object - servingCerts: - properties: - caCrt: - type: string - generate: - type: boolean - serverCrt: - type: string - serverKey: - type: string - required: - - generate - type: object - useKubeapiserverFqdnForAks: - type: boolean - versionPriority: - format: int32 - type: integer - required: - - ca - - enableMutatingWebhook - - enableValidatingWebhook - - groupPriorityMinimum - - healthcheck - - servingCerts - - useKubeapiserverFqdnForAks - - versionPriority - type: object - cleaner: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - type: object - registry: - type: string - repository: - type: string - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - skip: - type: boolean - tag: - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - required: - - registry - - repository - - skip - - tag - type: object - criticalAddon: - type: boolean - env: - description: List of environment variables to set in the container. Cannot be - updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previously - defined environment variables in the container and any service environment - variables. If a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references will never be expanded, - regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used - if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits - and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) are - currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for - env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys will - be reported as an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. Cannot be - updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - license: - type: string - logLevel: - format: int32 - type: integer - monitoring: - properties: - agent: - type: string - backup: - type: boolean - operator: - type: boolean - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - netVolAccessor: - properties: - cpu: - type: string - memory: - type: string - privileged: - type: boolean - runAsUser: - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - platform: - properties: - openshift: - type: boolean - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podLabels: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - rbacproxy: - properties: - registry: - type: string - repository: - type: string - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - security: - properties: - apparmor: - properties: - enabled: - type: boolean - type: object - seccomp: - properties: - enabled: - type: boolean - type: object - required: - - apparmor - - seccomp - type: object - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. - type: string - type: object - type: array -required: -- cleaner -- imagePullPolicy -- monitoring -- operator -- rbacproxy -- registryFQDN -- replicaCount -- security -- serviceAccount -type: object diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/values.openapiv3_schema.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/values.openapiv3_schema.yaml deleted file mode 100644 index c55e38a..0000000 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/values.openapiv3_schema.yaml +++ /dev/null @@ -1,3307 +0,0 @@ -properties: - ace-user-roles: - properties: - enableClusterRoles: - properties: - ace: - type: boolean - appcatalog: - type: boolean - catalog: - type: boolean - cert-manager: - type: boolean - kubedb: - type: boolean - kubedb-ui: - type: boolean - kubestash: - type: boolean - kubevault: - type: boolean - license-proxyserver: - type: boolean - metrics: - type: boolean - prometheus: - type: boolean - stash: - type: boolean - required: - - ace - - appcatalog - - catalog - - cert-manager - - kubedb - - kubedb-ui - - kubestash - - kubevault - - license-proxyserver - - metrics - - prometheus - - stash - type: object - enabled: - type: boolean - required: - - enabled - type: object - global: - properties: - imagePullSecrets: - items: - description: LocalObjectReference contains enough information to let you - locate the referenced object inside the same namespace. - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t need - it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - license: - type: string - networkPolicy: - properties: - enabled: - type: boolean - required: - - enabled - type: object - registry: - type: string - registryFQDN: - type: string - skipCleaner: - type: boolean - required: - - license - - registry - - registryFQDN - - skipCleaner - type: object - kubestash-catalog: - properties: - enabled: - type: boolean - kubedump: - properties: - backup: - properties: - includeDependants: - type: boolean - labelSelector: - type: string - sanitize: - type: boolean - required: - - includeDependants - - labelSelector - - sanitize - type: object - enabled: - type: boolean - required: - - backup - - enabled - type: object - manifest: - properties: - enabled: - type: boolean - required: - - enabled - type: object - proxies: - properties: - ghcr: - description: ghcr.io - type: string - type: object - pvc: - properties: - enabled: - type: boolean - required: - - enabled - type: object - volumesnapshot: - properties: - enabled: - type: boolean - required: - - enabled - type: object - waitTimeout: - format: int64 - type: integer - workload: - properties: - enabled: - type: boolean - required: - - enabled - type: object - required: - - enabled - - kubedump - - manifest - - pvc - - volumesnapshot - - waitTimeout - - workload - type: object - kubestash-metrics: - properties: - enabled: - type: boolean - required: - - enabled - type: object - kubestash-operator: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to an update), - the system may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms - are ORed. - items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's - labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by node's - fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, - the values array must have a single element, which - will be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, the lists - of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but - it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest sum - of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has pods - which matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto - the node. If the anti-affinity requirements specified by this field - cease to be met at some point during pod execution (e.g. due to - a pod label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with - key matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - bypassValidatingWebhookXray: - type: boolean - ca: - type: string - enableMutatingWebhook: - type: boolean - enableValidatingWebhook: - type: boolean - groupPriorityMinimum: - format: int32 - type: integer - healthcheck: - properties: - enabled: - type: boolean - type: object - servingCerts: - properties: - caCrt: - type: string - generate: - type: boolean - serverCrt: - type: string - serverKey: - type: string - required: - - generate - type: object - useKubeapiserverFqdnForAks: - type: boolean - versionPriority: - format: int32 - type: integer - required: - - ca - - enableMutatingWebhook - - enableValidatingWebhook - - groupPriorityMinimum - - healthcheck - - servingCerts - - useKubeapiserverFqdnForAks - - versionPriority - type: object - cleaner: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest - sum of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node selector requirements by - node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by - node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements specified by this - field cease to be met at some point during pod execution (e.g. - due to an update), the system may or may not try to eventually - evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by - node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements by - node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector applies - to. - type: string - operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest - sum of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `labelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `labelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and - labelSelector. Also, mismatchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements specified by this - field cease to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may not try to - eventually evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the - labelSelector relative to the given namespace(s)) that this - pod should be co-located (affinity) or not co-located (anti-affinity) - with, where co-located is defined as running on a node whose - value of the label with key matches that of - any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid - putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more of - the expressions. The node that is most preferred is the one - with the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with - the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `labelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `labelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and - labelSelector. Also, mismatchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this - field are not met at scheduling time, the pod will not be scheduled - onto the node. If the anti-affinity requirements specified by - this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there are - multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the - labelSelector relative to the given namespace(s)) that this - pod should be co-located (affinity) or not co-located (anti-affinity) - with, where co-located is defined as running on a node whose - value of the label with key matches that of - any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The - keys are used to lookup values from the incoming pod labels, - those key-value labels are merged with `labelSelector` - as `key in (value)` to select the group of existing pods - which pods will be taken into consideration for the incoming - pod's pod (anti) affinity. Keys that don't exist in the - incoming pod labels will be ignored. The default value - is empty. The same key is forbidden to exist in both matchLabelKeys - and labelSelector. Also, matchLabelKeys cannot be set - when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming pod - labels, those key-value labels are merged with `labelSelector` - as `key notin (value)` to select the group of existing - pods which pods will be taken into consideration for the - incoming pod's pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist in - both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that - the term applies to. The term is applied to the union - of the namespaces selected by this field and the ones - listed in the namespaces field. null selector and null - or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to - the union of the namespaces listed in this field and the - ones selected by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: This pod should be co-located (affinity) or - not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located - is defined as running on a node whose value of the label - with key topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - type: object - registry: - type: string - repository: - type: string - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - skip: - type: boolean - tag: - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. - Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not set, - which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the - system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - required: - - registry - - repository - - skip - - tag - type: object - criticalAddon: - type: boolean - enabled: - type: boolean - env: - description: List of environment variables to set in the container. Cannot - be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the - previously defined environment variables in the container and any - service environment variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be - used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to - be empty. Instances of this type with an empty value here - are almost certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: '' - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to - be empty. Instances of this type with an empty value here - are almost certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key - exists in multiple sources, the value associated with the last source will - take precedence. Values defined by an Env with a duplicate key will take - precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: '' - description: 'Name of the referent. This field is effectively required, - but due to backwards compatibility is allowed to be empty. Instances - of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - license: - type: string - logLevel: - format: int32 - type: integer - monitoring: - properties: - agent: - type: string - backup: - type: boolean - operator: - type: boolean - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - netVolAccessor: - properties: - cpu: - type: string - memory: - type: string - privileged: - type: boolean - runAsUser: - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - description: Compute Resources required by the sidecar container. - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and\ - \ requires enabling the DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - platform: - properties: - openshift: - type: boolean - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podLabels: - additionalProperties: - type: string - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for - default values of each field.' - properties: - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be\ - \ the FSGroup 2. The setgid bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ - \ \n If unset, the Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be set when spec.os.name\ - \ is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership - and permission of the volume before being exposed inside Pod. This field - will only apply to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that this field - cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each - container, in addition to the container's primary GID, the fsGroup (if - specified), and group memberships defined in the container image for - the uid of the container process. If unspecified, no additional groups - are added to any container. Note that group memberships defined in the - container image for the uid of the container process are still effective, - even if they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. - Pods with unsupported sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be - set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - rbacproxy: - properties: - registry: - type: string - repository: - type: string - securityContext: - description: Security options the pod should run with. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool directly - controls if the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this - container. If set, this profile overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile loaded on the - node that should be used. The profile must be preconfigured - on the node to work. Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: 'type indicates which kind of AppArmor profile will - be applied. Valid options are: Localhost - a profile pre-loaded - on the node. RuntimeDefault - the container runtime''s default - profile. Unconfined - no AppArmor enforcement.' - type: string - required: - - type - type: object - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name is - windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the - containers. The default is DefaultProcMount which uses the container - runtime defaults for readonly paths and masked paths. This requires - the ProcMountType feature flag to be enabled. Note that this field - cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail to start the container - if it does. If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be - set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a - file on the node should be used. The profile must be preconfigured - on the node to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile will\ - \ be applied. Valid options are: \n Localhost - a profile defined\ - \ in a file on the node should be used. RuntimeDefault - the\ - \ container runtime default profile should be used. Unconfined\ - \ - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the - contents of the GMSA credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should be run - as a 'Host Process' container. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - security: - properties: - apparmor: - properties: - enabled: - type: boolean - type: object - seccomp: - properties: - enabled: - type: boolean - type: object - required: - - apparmor - - seccomp - type: object - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint - that matches the triple using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means - match all taint effects. When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be - Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists is - equivalent to wildcard for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) - tolerates the taint. By default, it is not set, which means tolerate - the taint forever (do not evict). Zero and negative values will be - treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If - the operator is Exists, the value should be empty, otherwise just - a regular string. - type: string - type: object - type: array - required: - - cleaner - - enabled - - imagePullPolicy - - monitoring - - operator - - rbacproxy - - registryFQDN - - replicaCount - - security - - serviceAccount - type: object -required: -- global -type: object diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/.helmignore b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/.helmignore similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/.helmignore rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/.helmignore diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/Chart.lock b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/Chart.lock similarity index 57% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/Chart.lock rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/Chart.lock index bb3dcf1..47d1d05 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/Chart.lock +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: kubestash-operator repository: file://../kubestash-operator - version: v0.16.0 + version: v0.17.0 - name: kubestash-catalog repository: file://../kubestash-catalog - version: v2025.2.10 + version: v2025.3.24 - name: kubestash-metrics repository: file://../kubestash-metrics - version: v2025.2.10 + version: v2025.3.24 - name: ace-user-roles repository: oci://ghcr.io/appscode-charts - version: v2024.9.30 -digest: sha256:d154780b110927800f312325328f2ecb94802dc376e006f6d9046e05059e7217 -generated: "2025-02-11T17:17:55.858774985Z" + version: v2025.3.14 +digest: sha256:7aaf9baad16a24d5efc483bc4234c055935b367db8964f9045fd91fd7890064e +generated: "2025-03-24T18:43:48.991996973Z" diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/Chart.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/Chart.yaml similarity index 85% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/Chart.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/Chart.yaml index 12b67e6..ae366e5 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/Chart.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/Chart.yaml @@ -1,22 +1,22 @@ apiVersion: v2 -appVersion: v2025.2.10 +appVersion: v2025.3.24 dependencies: - condition: kubestash-operator.enabled name: kubestash-operator repository: file://../kubestash-operator - version: v0.16.0 + version: v0.17.0 - condition: kubestash-catalog.enabled name: kubestash-catalog repository: file://../kubestash-catalog - version: v2025.2.10 + version: v2025.3.24 - condition: kubestash-metrics.enabled name: kubestash-metrics repository: file://../kubestash-metrics - version: v2025.2.10 + version: v2025.3.24 - condition: ace-user-roles.enabled name: ace-user-roles repository: oci://ghcr.io/appscode-charts - version: v2024.9.30 + version: v2025.3.14 description: KubeStash by AppsCode - Backup your Kubernetes native applications home: https://kubestash.com icon: https://cdn.appscode.com/images/products/kubestash/stash-icon.png @@ -27,4 +27,4 @@ name: kubestash sources: - https://github.com/kubestash type: application -version: v2025.2.10 +version: v2025.3.24 diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/README.md b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/README.md similarity index 91% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/README.md rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/README.md index e1b7a2c..0e1560b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/README.md +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubestash --version=v2025.2.10 -$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.2.10 +$ helm search repo appscode/kubestash --version=v2025.3.24 +$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.3.24 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys Backup operator on a [Kubernetes](http://kubernetes.io) clust To install/upgrade the chart with the release name `kubestash`: ```bash -$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.2.10 +$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.3.24 ``` The command deploys Backup operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -61,25 +61,27 @@ The following table lists the configurable parameters of the `kubestash` chart a | ace-user-roles.enableClusterRoles.appcatalog | | true | | ace-user-roles.enableClusterRoles.catalog | | false | | ace-user-roles.enableClusterRoles.cert-manager | | false | -| ace-user-roles.enableClusterRoles.kubedb | | false | | ace-user-roles.enableClusterRoles.kubedb-ui | | false | +| ace-user-roles.enableClusterRoles.kubedb | | false | | ace-user-roles.enableClusterRoles.kubestash | | true | | ace-user-roles.enableClusterRoles.kubevault | | false | | ace-user-roles.enableClusterRoles.license-proxyserver | | true | | ace-user-roles.enableClusterRoles.metrics | | true | | ace-user-roles.enableClusterRoles.prometheus | | false | +| ace-user-roles.enableClusterRoles.secrets-store | | false | | ace-user-roles.enableClusterRoles.stash | | false | +| ace-user-roles.enableClusterRoles.virtual-secrets | | false | Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.2.10 --set global.registry=stashed +$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.3.24 --set global.registry=stashed ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.2.10 --values values.yaml +$ helm upgrade -i kubestash appscode/kubestash -n kubestash --create-namespace --version=v2025.3.24 --values values.yaml ``` diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/.helmignore b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/.helmignore new file mode 100644 index 0000000..e03134c --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.terraform +*.tfstate* diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/Chart.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/Chart.yaml similarity index 87% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/Chart.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/Chart.yaml index ddfc25d..c13d1a4 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/ace-user-roles/Chart.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2024.9.30 +appVersion: v2025.3.14 description: A Helm chart for ACE user roles icon: https://cdn.appscode.com/images/products/kubeops/icons/android-icon-192x192.png maintainers: @@ -9,4 +9,4 @@ name: ace-user-roles sources: - https://github.com/kubeops/installer type: application -version: v2024.9.30 +version: v2025.3.14 diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/README.md b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/README.md similarity index 74% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/README.md rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/README.md index 38f525f..051da4b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/README.md +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/ace-user-roles --version=v2024.9.30 -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 +$ helm search repo appscode/ace-user-roles --version=v2025.3.14 +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys ACE User Roles on a [Kubernetes](http://kubernetes.io) cluste To install/upgrade the chart with the release name `ace-user-roles`: ```bash -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 ``` The command deploys ACE User Roles on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -49,18 +49,20 @@ The following table lists the configurable parameters of the `ace-user-roles` ch |----------------------------------------|-----------------------------|--------------------------------------| | nameOverride | Overrides name template | "" | | fullnameOverride | Overrides fullname template | "" | -| enableClusterRoles.ace | | true | -| enableClusterRoles.appcatalog | | true | -| enableClusterRoles.catalog | | true | -| enableClusterRoles.cert-manager | | true | -| enableClusterRoles.kubedb | | true | -| enableClusterRoles.kubedb-ui | | true | -| enableClusterRoles.kubestash | | true | -| enableClusterRoles.kubevault | | true | -| enableClusterRoles.license-proxyserver | | true | -| enableClusterRoles.metrics | | true | -| enableClusterRoles.prometheus | | true | -| enableClusterRoles.stash | | true | +| enableClusterRoles.ace | | false | +| enableClusterRoles.appcatalog | | false | +| enableClusterRoles.catalog | | false | +| enableClusterRoles.cert-manager | | false | +| enableClusterRoles.kubedb-ui | | false | +| enableClusterRoles.kubedb | | false | +| enableClusterRoles.kubestash | | false | +| enableClusterRoles.kubevault | | false | +| enableClusterRoles.license-proxyserver | | false | +| enableClusterRoles.metrics | | false | +| enableClusterRoles.prometheus | | false | +| enableClusterRoles.secrets-store | | false | +| enableClusterRoles.stash | | false | +| enableClusterRoles.virtual-secrets | | false | | annotations.helm.sh/hook | | pre-install,pre-upgrade | | annotations.helm.sh/hook-delete-policy | | before-hook-creation | @@ -68,12 +70,12 @@ The following table lists the configurable parameters of the `ace-user-roles` ch Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 --set annotations.helm.sh/hook=pre-install,pre-upgrade +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 --set annotations.helm.sh/hook=pre-install,pre-upgrade ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2024.9.30 --values values.yaml +$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2025.3.14 --values values.yaml ``` diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/doc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/doc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/doc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/doc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/NOTES.txt b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/_helpers.tpl b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/_helpers.tpl similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/_helpers.tpl rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/_helpers.tpl diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/ace/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/ace/user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/ace/user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/ace/user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/appcatalog/appcatalog-user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/catalog/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/catalog/user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/catalog/user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/catalog/user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/cert-manager/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/cert-manager/user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/cert-manager/user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/cert-manager/user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb-ui/user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/autoscaler.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/autoscaler.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/autoscaler.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/autoscaler.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/core.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/core.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/core.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/core.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/gitops.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/gitops.yaml new file mode 100644 index 0000000..c2a3d12 --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/gitops.yaml @@ -0,0 +1,54 @@ +{{- if dig "kubedb" false .Values.enableClusterRoles }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubedb:gitops:admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - gitops.kubedb.com + resources: + - "*" + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubedb:gitops:edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - gitops.kubedb.com + resources: + - "*" + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: kubedb:gitops:view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - gitops.kubedb.com + resources: + - "*" + verbs: ["get", "list", "watch"] + +{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/ops-manager.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/ops-manager.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/ops-manager.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/ops-manager.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/schema-manager.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/schema-manager.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubedb/schema-manager.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubedb/schema-manager.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubestash/user_roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubestash/user_roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubestash/user_roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubestash/user_roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubevault/user_roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubevault/user_roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/kubevault/user_roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/kubevault/user_roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-checker-cluster-role.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/license-proxyserver/license-reader-cluster-role.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/metrics/metrics-user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/prometheus/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/prometheus/user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/prometheus/user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/prometheus/user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/secrets-store/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/secrets-store/user-roles.yaml new file mode 100644 index 0000000..7ca5f2a --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/secrets-store/user-roles.yaml @@ -0,0 +1,54 @@ +{{- if dig "secrets-store" false .Values.enableClusterRoles }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:secrets-store:admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - "*" + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:secrets-store:edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - "*" + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appscode:secrets-store:view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - "*" + verbs: ["get", "list", "watch"] + +{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/stash/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/stash/user-roles.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/templates/stash/user-roles.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/stash/user-roles.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/virtual-secrets/user-roles.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/virtual-secrets/user-roles.yaml new file mode 100644 index 0000000..3fda31a --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/templates/virtual-secrets/user-roles.yaml @@ -0,0 +1,57 @@ +{{- if dig "virtual-secrets" false .Values.enableClusterRoles }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:virtual-secrets:admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - virtual-secrets.dev + - config.virtual-secrets.dev + resources: + - "*" + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appscode:virtual-secrets:edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - virtual-secrets.dev + - config.virtual-secrets.dev + resources: + - "*" + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appscode:virtual-secrets:view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - virtual-secrets.dev + - config.virtual-secrets.dev + resources: + - "*" + verbs: ["get", "list", "watch"] + +{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/values.openapiv3_schema.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/values.openapiv3_schema.yaml similarity index 87% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/values.openapiv3_schema.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/values.openapiv3_schema.yaml index 446c370..4b44617 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/values.openapiv3_schema.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/values.openapiv3_schema.yaml @@ -27,8 +27,12 @@ properties: type: boolean prometheus: type: boolean + secrets-store: + type: boolean stash: type: boolean + virtual-secrets: + type: boolean required: - ace - appcatalog @@ -41,7 +45,9 @@ properties: - license-proxyserver - metrics - prometheus + - secrets-store - stash + - virtual-secrets type: object fullnameOverride: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/values.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/values.yaml similarity index 56% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/values.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/values.yaml index 4e98328..8775c00 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/ace-user-roles/values.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/ace-user-roles/values.yaml @@ -8,18 +8,20 @@ nameOverride: "" fullnameOverride: "" enableClusterRoles: - ace: true - appcatalog: true - catalog: true - cert-manager: true - kubedb: true - kubedb-ui: true - kubestash: true - kubevault: true - license-proxyserver: true - metrics: true - prometheus: true - stash: true + ace: false + appcatalog: false + catalog: false + cert-manager: false + kubedb-ui: false + kubedb: false + kubestash: false + kubevault: false + license-proxyserver: false + metrics: false + prometheus: false + secrets-store: false + stash: false + virtual-secrets: false annotations: "helm.sh/hook": pre-install,pre-upgrade diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/.helmignore b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/.helmignore similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/.helmignore rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/.helmignore diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/Chart.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/Chart.yaml similarity index 88% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/Chart.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/Chart.yaml index 9fc1218..96f4748 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/Chart.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2025.2.10 +appVersion: v2025.3.24 description: KubeStash Catalog by AppsCode - Catalog of KubeStash Addons home: https://kubestash.com icon: https://cdn.appscode.com/images/products/stash/stash-community-icon.png @@ -10,4 +10,4 @@ name: kubestash-catalog sources: - https://github.com/kuebstash type: application -version: v2025.2.10 +version: v2025.3.24 diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/README.md b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/README.md similarity index 92% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/README.md rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/README.md index 82e6cfe..781e3e1 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/README.md +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubestash-catalog --version=v2025.2.10 -$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.2.10 +$ helm search repo appscode/kubestash-catalog --version=v2025.3.24 +$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.3.24 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys KubeStash catalog on a [Kubernetes](http://kubernetes.io) clu To install/upgrade the chart with the release name `kubestash-catalog`: ```bash -$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.2.10 +$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.3.24 ``` The command deploys KubeStash catalog on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -62,12 +62,12 @@ The following table lists the configurable parameters of the `kubestash-catalog` Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.2.10 --set proxies.ghcr=ghcr.io +$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.3.24 --set proxies.ghcr=ghcr.io ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.2.10 --values values.yaml +$ helm upgrade -i kubestash-catalog appscode/kubestash-catalog -n kubestash --create-namespace --version=v2025.3.24 --values values.yaml ``` diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_addons.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_addons.yaml similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_addons.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_addons.yaml index b0be089..ec5cb19 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_addons.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_addons.yaml @@ -127,10 +127,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -530,6 +532,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -776,6 +779,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -783,6 +787,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -794,6 +799,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -802,6 +808,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -819,6 +826,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -1120,10 +1128,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -1523,6 +1533,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -1769,6 +1780,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -1776,6 +1788,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -1787,6 +1800,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -1795,6 +1809,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -1812,6 +1827,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_functions.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_functions.yaml similarity index 99% rename from kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_functions.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_functions.yaml index 27f84c2..2f44b94 100644 --- a/kustomize/kubedb/base/charts/kubedb-v2025.2.19/kubedb/charts/kubedb-kubestash-catalog/crds/addons.kubestash.com_functions.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/crds/addons.kubestash.com_functions.yaml @@ -315,6 +315,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -401,6 +402,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -469,6 +471,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/doc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/doc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/doc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/doc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/_helpers.tpl b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/_helpers.tpl similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/_helpers.tpl rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/_helpers.tpl diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-addon.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-addon.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-addon.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-addon.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-backup.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-backup.yaml similarity index 95% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-backup.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-backup.yaml index 97e1a06..0186834 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-backup.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/kubedump/kubedump-backup.yaml @@ -15,6 +15,6 @@ spec: - --sanitize=${sanitize:=true} - --label-selector=${labelSelector:=} - --include-dependants=${includeDependants:=false} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/kubedump") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/kubedump") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/manifest/manifest-backup.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/manifest/manifest-backup.yaml similarity index 94% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/manifest/manifest-backup.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/manifest/manifest-backup.yaml index a6ee6c8..a0efc75 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/manifest/manifest-backup.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/manifest/manifest-backup.yaml @@ -12,6 +12,6 @@ spec: - --backupsession=${backupSession:=} - --enable-cache=${enableCache:=} - --scratch-dir=${scratchDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/manifest") $) }}:v0.8.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/manifest") $) }}:v0.9.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/manifest/manifest-restore.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/manifest/manifest-restore.yaml similarity index 94% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/manifest/manifest-restore.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/manifest/manifest-restore.yaml index 5013f0a..1acc0d4 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/manifest/manifest-restore.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/manifest/manifest-restore.yaml @@ -13,6 +13,6 @@ spec: - --snapshot=${snapshot:=} - --enable-cache=${enableCache:=} - --scratch-dir=${scratchDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/manifest") $) }}:v0.8.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/manifest") $) }}:v0.9.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-addon.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-addon.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-addon.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-addon.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-backup.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-backup.yaml similarity index 95% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-backup.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-backup.yaml index 62b9444..204175e 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-backup.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-backup.yaml @@ -14,6 +14,6 @@ spec: - --scratch-dir=${scratchDir:=} - --exclude=${exclude:=} - --paths=${paths:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/pvc") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/pvc") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-restore.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-restore.yaml similarity index 95% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-restore.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-restore.yaml index 7d21f1f..74ac87b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/pvc/pvc-restore.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/pvc/pvc-restore.yaml @@ -13,6 +13,6 @@ spec: - --snapshot=${snapshot:=} - --enable-cache=${enableCache:=} - --scratch-dir=${scratchDir:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/pvc") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/pvc") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-backup.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-backup.yaml similarity index 91% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-backup.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-backup.yaml index e0595f1..605c510 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-backup.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-backup.yaml @@ -11,7 +11,6 @@ spec: - --namespace=${namespace:=default} - --backupsession=${backupSession:=} - --volume-snapshot-class-name=${volumeSnapshotClassName:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/volume-snapshotter") - $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/volume-snapshotter") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-restore.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-restore.yaml similarity index 91% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-restore.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-restore.yaml index b0186aa..1b4dde2 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-restore.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/volumesnapshot/volumesnapshot-restore.yaml @@ -12,7 +12,6 @@ spec: - --restoresession=${restoreSession:=} - --snapshot=${snapshot:=} - --task-name=${taskName:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/volume-snapshotter") - $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/volume-snapshotter") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-addon.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-addon.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-addon.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-addon.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-backup.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-backup.yaml similarity index 94% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-backup.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-backup.yaml index 96af5ae..b8732d5 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-backup.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-backup.yaml @@ -14,6 +14,6 @@ spec: - --scratch-dir=${scratchDir:=} - --paths=${paths:=} - --exclude=${exclude:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/workload") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/workload") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-restore.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-restore.yaml similarity index 94% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-restore.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-restore.yaml index 61c6c1f..72ab509 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/templates/workload/workload-restore.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/templates/workload/workload-restore.yaml @@ -15,6 +15,6 @@ spec: - --scratch-dir=${scratchDir:=} - --exclude=${exclude:=} - --include=${include:=} - image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/workload") $) }}:v0.15.0' + image: '{{ include "image.ghcr" (merge (dict "_repo" "kubestash/workload") $) }}:v0.16.0' {{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/values.openapiv3_schema.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/values.openapiv3_schema.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/values.openapiv3_schema.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/values.openapiv3_schema.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/values.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/values.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-catalog/values.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-catalog/values.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/.helmignore b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/Chart.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/Chart.yaml similarity index 87% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/Chart.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/Chart.yaml index 1027a90..04fc4a7 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/Chart.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2025.2.10 +appVersion: v2025.3.24 description: KubeStash State Metrics home: https://kubestash.com icon: https://cdn.appscode.com/images/products/stash/stash-community-icon.png @@ -10,4 +10,4 @@ name: kubestash-metrics sources: - https://github.com/kuebstash type: application -version: v2025.2.10 +version: v2025.3.24 diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/README.md b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/README.md similarity index 87% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/README.md rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/README.md index 1f32616..8a7b296 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/README.md +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubestash-metrics --version=v2025.2.10 -$ helm upgrade -i kubestash-metrics appscode/kubestash-metrics -n kubestash --create-namespace --version=v2025.2.10 +$ helm search repo appscode/kubestash-metrics --version=v2025.3.24 +$ helm upgrade -i kubestash-metrics appscode/kubestash-metrics -n kubestash --create-namespace --version=v2025.3.24 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys KubeStash metrics configurations on a [Kubernetes](http://kub To install/upgrade the chart with the release name `kubestash-metrics`: ```bash -$ helm upgrade -i kubestash-metrics appscode/kubestash-metrics -n kubestash --create-namespace --version=v2025.2.10 +$ helm upgrade -i kubestash-metrics appscode/kubestash-metrics -n kubestash --create-namespace --version=v2025.3.24 ``` The command deploys KubeStash metrics configurations on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/crds/metrics.appscode.com_metricsconfigurations.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/doc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/doc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/doc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/doc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/NOTES.txt b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/NOTES.txt similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/NOTES.txt rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/NOTES.txt diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupconfiguration.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupconfiguration.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupconfiguration.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupconfiguration.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupsession.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupsession.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupsession.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupsession.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupstorage.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupstorage.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupstorage.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-backupstorage.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-repository.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-repository.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-repository.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-repository.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-restoresession.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-restoresession.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-restoresession.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-restoresession.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-snapshot.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-snapshot.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/templates/metricsconfig-snapshot.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/templates/metricsconfig-snapshot.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/values.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/values.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-metrics/values.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-metrics/values.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/.helmignore b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/.helmignore similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/.helmignore rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/.helmignore diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/Chart.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/Chart.yaml similarity index 89% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/Chart.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/Chart.yaml index 0ad47c2..642735e 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/Chart.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v0.16.0 +appVersion: v0.17.0 description: KubeStash, Kubernetes native backup operator by AppsCode home: https://kubestash.com/ icon: https://cdn.appscode.com/images/products/stash/kubestash-operator-icon.png @@ -9,4 +9,4 @@ maintainers: name: kubestash-operator sources: - https://github.com/stashed -version: v0.16.0 +version: v0.17.0 diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/README.md b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/README.md similarity index 91% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/README.md rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/README.md index 50155e8..7e6efee 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/README.md +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable/ $ helm repo update -$ helm search repo appscode/kubestash-operator --version=v0.16.0 -$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.16.0 +$ helm search repo appscode/kubestash-operator --version=v0.17.0 +$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.17.0 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys KubeStash operator on a [Kubernetes](http://kubernetes.io) cl To install/upgrade the chart with the release name `kubestash-operator`: ```bash -$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.16.0 +$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.17.0 ``` The command deploys KubeStash operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -57,10 +57,6 @@ The following table lists the configurable parameters of the `kubestash-operator | operator.tag | Operator container image tag | "" | | operator.resources | Compute Resources required by the operator container | {"requests":{"cpu":"100m"}} | | operator.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | -| rbacproxy.registry | Docker registry used to pull operator image | appscode | -| rbacproxy.repository | Name of operator container image | kube-rbac-proxy | -| rbacproxy.tag | Operator container image tag | v0.15.0 | -| rbacproxy.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | | cleaner.registry | Docker registry used to pull Webhook cleaner image | appscode | | cleaner.repository | Webhook cleaner container image | kubectl | | cleaner.tag | Webhook cleaner container image tag | v1.31 | @@ -87,7 +83,6 @@ The following table lists the configurable parameters of the `kubestash-operator | apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 | | apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Kubernetes workloads | true | | apiserver.enableValidatingWebhook | If true, validating webhook is configured for Stash CRDss | true | -| apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator. | not-ca-cert | | apiserver.bypassValidatingWebhookXray | If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. | false | | apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | | apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | @@ -113,12 +108,12 @@ The following table lists the configurable parameters of the `kubestash-operator Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.16.0 --set replicaCount=1 +$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.17.0 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.16.0 --values values.yaml +$ helm upgrade -i kubestash-operator appscode/kubestash-operator -n kubestash --create-namespace --version=v0.17.0 --values values.yaml ``` diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/ci/ci-values.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/ci/ci-values.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/ci/ci-values.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/ci/ci-values.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_addons.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_addons.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_addons.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_addons.yaml index 2b08886..f9726c0 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_addons.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_addons.yaml @@ -125,10 +125,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -528,6 +530,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -774,6 +777,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -781,6 +785,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -792,6 +797,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -800,6 +806,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -817,6 +824,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -1118,10 +1126,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -1521,6 +1531,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -1767,6 +1778,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -1774,6 +1786,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -1785,6 +1798,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -1793,6 +1807,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -1810,6 +1825,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_functions.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_functions.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_functions.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_functions.yaml index 8d3ce0c..3933cc1 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_functions.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/addons.kubestash.com_functions.yaml @@ -313,6 +313,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -399,6 +400,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -467,6 +469,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupbatches.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupbatches.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupbatches.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupbatches.yaml index 051a3c3..2d550bb 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupbatches.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupbatches.yaml @@ -341,6 +341,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -427,6 +428,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -495,6 +497,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1102,6 +1106,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -1128,6 +1134,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -1351,10 +1359,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -1754,6 +1764,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -2002,6 +2013,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -2009,6 +2021,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -2020,6 +2033,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -2028,6 +2042,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -2045,6 +2060,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -2394,6 +2410,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2480,6 +2497,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2548,6 +2566,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3155,6 +3175,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -3181,6 +3203,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -3404,10 +3428,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -3807,6 +3833,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -4055,6 +4082,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -4062,6 +4090,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -4073,6 +4102,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -4081,6 +4111,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -4098,6 +4129,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -5114,6 +5146,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5220,6 +5253,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5301,6 +5335,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -5418,6 +5454,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5677,6 +5714,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5774,6 +5812,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5842,6 +5881,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -5894,6 +5935,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -5920,6 +5963,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -6074,10 +6119,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -6477,6 +6524,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -6725,6 +6773,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -6732,6 +6781,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -6743,6 +6793,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -6751,6 +6802,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -6768,6 +6820,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -7114,6 +7167,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7200,6 +7254,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7268,6 +7323,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -8268,6 +8325,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8374,6 +8432,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8455,6 +8514,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -8572,6 +8633,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8831,6 +8893,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8928,6 +8991,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8996,6 +9060,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -9048,6 +9114,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -9074,6 +9142,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -9228,10 +9298,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -9631,6 +9703,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -9879,6 +9952,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -9886,6 +9960,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -9897,6 +9972,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -9905,6 +9981,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -9922,6 +9999,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -10032,10 +10110,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -10435,6 +10515,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -10681,6 +10762,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -10688,6 +10770,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -10699,6 +10782,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -10707,6 +10791,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -10724,6 +10809,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -11188,10 +11274,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -11591,6 +11679,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -11839,6 +11928,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -11846,6 +11936,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -11857,6 +11948,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -11865,6 +11957,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -11882,6 +11975,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupblueprints.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupblueprints.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupblueprints.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupblueprints.yaml index aed2e70..34a1c0b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupblueprints.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupblueprints.yaml @@ -315,6 +315,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -401,6 +402,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -469,6 +471,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1469,6 +1473,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1575,6 +1580,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1656,6 +1662,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1773,6 +1781,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2032,6 +2041,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2129,6 +2139,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2197,6 +2208,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -2249,6 +2262,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -2275,6 +2290,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2429,10 +2446,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2832,6 +2851,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3080,6 +3100,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3087,6 +3108,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3098,6 +3120,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3106,6 +3129,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3123,6 +3147,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -3233,10 +3258,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -3636,6 +3663,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3882,6 +3910,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3889,6 +3918,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3900,6 +3930,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3908,6 +3939,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3925,6 +3957,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -4389,10 +4422,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -4792,6 +4827,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -5040,6 +5076,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -5047,6 +5084,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -5058,6 +5096,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -5066,6 +5105,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -5083,6 +5123,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -5504,6 +5545,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5590,6 +5632,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5658,6 +5701,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -6265,6 +6310,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -6291,6 +6338,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -6514,10 +6563,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -6917,6 +6968,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -7165,6 +7217,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -7172,6 +7225,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -7183,6 +7237,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -7191,6 +7246,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -7208,6 +7264,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -7557,6 +7614,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7643,6 +7701,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7711,6 +7770,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -8318,6 +8379,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -8344,6 +8407,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -8567,10 +8632,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -8970,6 +9037,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -9218,6 +9286,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -9225,6 +9294,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -9236,6 +9306,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -9244,6 +9315,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -9261,6 +9333,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -10312,6 +10385,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10418,6 +10492,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10499,6 +10574,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -10616,6 +10693,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10875,6 +10953,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10972,6 +11051,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -11040,6 +11120,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -11092,6 +11174,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -11118,6 +11202,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -11272,10 +11358,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -11675,6 +11763,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -11923,6 +12012,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -11930,6 +12020,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -11941,6 +12032,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -11949,6 +12041,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -11966,6 +12059,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupconfigurations.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupconfigurations.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupconfigurations.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupconfigurations.yaml index 9d80f92..e056e41 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupconfigurations.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupconfigurations.yaml @@ -317,6 +317,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -403,6 +404,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -471,6 +473,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1471,6 +1475,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1577,6 +1582,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1658,6 +1664,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1775,6 +1783,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2034,6 +2043,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2131,6 +2141,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2199,6 +2210,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -2251,6 +2264,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -2277,6 +2292,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2431,10 +2448,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2834,6 +2853,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3082,6 +3102,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3089,6 +3110,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3100,6 +3122,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3108,6 +3131,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3125,6 +3149,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -3235,10 +3260,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -3638,6 +3665,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3884,6 +3912,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3891,6 +3920,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3902,6 +3932,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3910,6 +3941,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3927,6 +3959,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -4391,10 +4424,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -4794,6 +4829,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -5042,6 +5078,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -5049,6 +5086,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -5060,6 +5098,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -5068,6 +5107,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -5085,6 +5125,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -5506,6 +5547,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5592,6 +5634,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5660,6 +5703,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -6267,6 +6312,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -6293,6 +6340,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -6516,10 +6565,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -6919,6 +6970,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -7167,6 +7219,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -7174,6 +7227,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -7185,6 +7239,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -7193,6 +7248,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -7210,6 +7266,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -7559,6 +7616,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7645,6 +7703,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7713,6 +7772,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -8320,6 +8381,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -8346,6 +8409,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -8569,10 +8634,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -8972,6 +9039,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -9220,6 +9288,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -9227,6 +9296,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -9238,6 +9308,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -9246,6 +9317,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -9263,6 +9335,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -10314,6 +10387,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10420,6 +10494,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10501,6 +10576,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -10618,6 +10695,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10877,6 +10955,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -10974,6 +11053,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -11042,6 +11122,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -11094,6 +11176,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -11120,6 +11204,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -11274,10 +11360,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -11677,6 +11765,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -11925,6 +12014,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -11932,6 +12022,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -11943,6 +12034,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -11951,6 +12043,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -11968,6 +12061,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupsessions.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupsessions.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupsessions.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupsessions.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverificationsession.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverificationsession.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverificationsession.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverificationsession.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverifier.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverifier.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverifier.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverifier.yaml index 9671f9d..c30fe46 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverifier.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_backupverifier.yaml @@ -286,6 +286,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -372,6 +373,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -440,6 +442,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1440,6 +1444,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1546,6 +1551,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1627,6 +1633,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1744,6 +1752,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2003,6 +2012,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2100,6 +2110,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2168,6 +2179,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -2220,6 +2233,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -2246,6 +2261,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2400,10 +2417,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2803,6 +2822,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3051,6 +3071,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3058,6 +3079,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3069,6 +3091,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3077,6 +3100,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3094,6 +3118,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -3204,10 +3229,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -3607,6 +3634,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3853,6 +3881,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3860,6 +3889,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3871,6 +3901,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3879,6 +3910,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3896,6 +3928,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -4360,10 +4393,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -4763,6 +4798,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -5011,6 +5047,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -5018,6 +5055,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -5029,6 +5067,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -5037,6 +5076,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -5054,6 +5094,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -5467,6 +5508,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5553,6 +5595,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5621,6 +5664,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -6228,6 +6273,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -6254,6 +6301,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -7289,6 +7338,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7395,6 +7445,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7476,6 +7527,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -7593,6 +7646,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7852,6 +7906,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7949,6 +8004,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8017,6 +8073,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -8069,6 +8127,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -8095,6 +8155,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -8249,10 +8311,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -8652,6 +8716,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -8900,6 +8965,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -8907,6 +8973,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -8918,6 +8985,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -8926,6 +8994,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -8943,6 +9012,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -9103,10 +9173,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -9506,6 +9578,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -9754,6 +9827,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -9761,6 +9835,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -9772,6 +9847,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -9780,6 +9856,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -9797,6 +9874,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_hooktemplates.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_hooktemplates.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_hooktemplates.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_hooktemplates.yaml index f79a144..b951f8b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_hooktemplates.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_hooktemplates.yaml @@ -254,10 +254,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -657,6 +659,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -905,6 +908,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -912,6 +916,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -923,6 +928,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -931,6 +937,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -948,6 +955,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_restoresessions.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_restoresessions.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_restoresessions.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_restoresessions.yaml index b626910..7dbbff9 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/core.kubestash.com_restoresessions.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/core.kubestash.com_restoresessions.yaml @@ -290,6 +290,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -376,6 +377,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -444,6 +446,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1444,6 +1448,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1550,6 +1555,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1631,6 +1637,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1748,6 +1756,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2007,6 +2016,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2104,6 +2114,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -2172,6 +2183,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -2224,6 +2237,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -2250,6 +2265,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2404,10 +2421,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2807,6 +2826,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3055,6 +3075,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3062,6 +3083,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3073,6 +3095,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3081,6 +3104,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3098,6 +3122,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -3208,10 +3233,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -3611,6 +3638,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3857,6 +3885,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3864,6 +3893,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3875,6 +3905,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3883,6 +3914,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3900,6 +3932,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -4364,10 +4397,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -4767,6 +4802,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -5015,6 +5051,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -5022,6 +5059,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -5033,6 +5071,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -5041,6 +5080,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -5058,6 +5098,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -5507,6 +5548,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5593,6 +5635,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -5661,6 +5704,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -6268,6 +6313,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -6294,6 +6341,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -6517,10 +6566,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -6920,6 +6971,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -7168,6 +7220,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -7175,6 +7228,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -7186,6 +7240,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -7194,6 +7249,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -7211,6 +7267,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -7560,6 +7617,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7646,6 +7704,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -7714,6 +7773,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -8321,6 +8382,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -8347,6 +8410,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -8570,10 +8635,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -8973,6 +9040,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -9221,6 +9289,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -9228,6 +9297,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -9239,6 +9309,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -9247,6 +9318,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -9264,6 +9336,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_backupstorages.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_backupstorages.yaml similarity index 99% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_backupstorages.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_backupstorages.yaml index 7879820..31d765b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_backupstorages.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_backupstorages.yaml @@ -302,6 +302,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -388,6 +389,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -456,6 +458,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1063,6 +1067,8 @@ spec: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -1089,6 +1095,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -1249,10 +1257,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -1652,6 +1662,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -1900,6 +1911,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -1907,6 +1919,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -1918,6 +1931,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -1926,6 +1940,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -1943,6 +1958,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_repositories.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_repositories.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_repositories.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_repositories.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_retentionpolicies.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_retentionpolicies.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_retentionpolicies.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_retentionpolicies.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_snapshots.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_snapshots.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_snapshots.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/crds/storage.kubestash.com_snapshots.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/doc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/doc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/doc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/doc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/NOTES.txt b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/NOTES.txt similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/NOTES.txt rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/NOTES.txt diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/_helpers.tpl b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/_helpers.tpl similarity index 75% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/_helpers.tpl rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/_helpers.tpl index 2ff4a10..c371d2e 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/_helpers.tpl +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/_helpers.tpl @@ -94,13 +94,6 @@ Returns the registry used for operator docker image {{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }} {{- end }} -{{/* -Returns the registry used for kube-rbac-proxy docker image -*/}} -{{- define "rbacproxy.registry" -}} -{{- list .Values.registryFQDN .Values.rbacproxy.registry | compact | join "/" }} -{{- end }} - {{/* Returns the registry used for cleaner docker image */}} @@ -128,3 +121,33 @@ imagePullSecrets: {{- toYaml . | nindent 2 }} {{- end -}} {{- end -}} + +{{/* +Prepare certs +*/}} +{{- define "kubestash-operator.prepare-certs" -}} +{{- if not ._caCrt }} +{{- $caCrt := "" }} +{{- $serverCrt := "" }} +{{- $serverKey := "" }} +{{- if .Values.apiserver.servingCerts.generate }} +{{- $ca := genCA "ca" 3650 }} +{{- $cn := include "kubestash-operator.webhookServiceName" . -}} +{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} +{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} +{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} +{{- $caCrt = b64enc $ca.Cert }} +{{- $serverCrt = b64enc $server.Cert }} +{{- $serverKey = b64enc $server.Key }} +{{- else }} +{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }} +{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} +{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} +{{- end }} + +{{ $_ := set $ "_caCrt" $caCrt }} +{{ $_ := set $ "_serverCrt" $serverCrt }} +{{ $_ := set $ "_serverKey" $serverKey }} + +{{- end }} +{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/cluster_role.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/cluster_role.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/cluster_role.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/cluster_role.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/cluster_rolebinding.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/cluster_rolebinding.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/cluster_rolebinding.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/cluster_rolebinding.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/job.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/job.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/job.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/job.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/serviceaccount.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/serviceaccount.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/cleaner/serviceaccount.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/cleaner/serviceaccount.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/license/license-checker-cluster-role-binding.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/license/license-checker-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/license/license-checker-cluster-role-binding.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/license/license-checker-cluster-role-binding.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/license/license-reader-cluster-role-binding.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/license/license-reader-cluster-role-binding.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/license/license-reader-cluster-role-binding.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/license/license-reader-cluster-role-binding.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/license/license.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/license/license.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/license/license.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/license/license.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/configuration.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/configuration.yaml similarity index 92% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/configuration.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/configuration.yaml index 7ab9e54..6bd89f4 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/configuration.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/configuration.yaml @@ -9,13 +9,15 @@ data: config.yaml: | apiVersion: config.kubestash.com/v1alpha1 kind: KubeStashConfig + certDir: /var/serving-cert + enableHTTP2: false health: healthProbeBindAddress: :8081 metrics: - bindAddress: 127.0.0.1:8080 + bindAddress: 127.0.0.1:8443 + secureMetrics: true webhook: port: 9443 - certDir: /var/serving-cert leaderElection: leaderElect: false resourceName: cba9d7ad.kubestash.com diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/deployment.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/deployment.yaml similarity index 86% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/deployment.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/deployment.yaml index 9cdc06c..33ad57b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/deployment.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/deployment.yaml @@ -25,7 +25,7 @@ spec: {{- include "kubestash-operator.selectorLabels" . | nindent 8 }} component: operator annotations: - checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/webhook-server/cert.yaml") . | sha256sum }} + reload: {{ include (print $.Template.BasePath "/webhook-server/cert.yaml") . | sha256sum }} {{- if $criticalAddon }} scheduler.alpha.kubernetes.io/critical-pod: '' {{- end }} @@ -47,6 +47,13 @@ spec: {{- if include "appscode.licenseSecretName" . }} - --license-file=/var/run/secrets/appscode/license/key.txt {{- end }} + ports: + - containerPort: 8081 + name: probes + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP {{- with .Values.envFrom }} envFrom: {{- toYaml . | nindent 8 }} @@ -63,17 +70,19 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + value: {{ include "kubestash-operator.serviceAccountName" . }} {{- if .Values.apiserver.healthcheck.enabled }} readinessProbe: httpGet: path: /readyz - port: 8081 + port: probes initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /healthz - port: 8081 + port: probes initialDelaySeconds: 15 periodSeconds: 20 {{- end }} @@ -84,6 +93,9 @@ spec: name: tmpdir - name: kubestash-tmp-volume mountPath: /kubestash-tmp + - name: serving-cert + mountPath: /var/serving-cert + readOnly: true - name: config mountPath: /var/config {{- if include "appscode.licenseSecretName" . }} @@ -95,6 +107,10 @@ spec: emptyDir: {} - name: kubestash-tmp-volume emptyDir: {} + - name: serving-cert + secret: + defaultMode: 420 + secretName: {{ include "kubestash-operator.fullname" . }}-cert - name: config configMap: name: {{ include "kubestash-operator.fullname" . }}-config diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/network_policy.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/network_policy.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/operator/network_policy.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/operator/network_policy.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/auth_proxy.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/auth_proxy.yaml new file mode 100644 index 0000000..b252ced --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/auth_proxy.yaml @@ -0,0 +1,16 @@ +{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kubestash-operator.fullname" . }}-auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: + - kind: ServiceAccount + name: {{ include "kubestash-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + +{{ end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/cluster_role.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/cluster_role.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/cluster_role.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/cluster_role.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/cluster_role_binding.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/cluster_role_binding.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/cluster_role_binding.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/cluster_role_binding.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/leader_election.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/leader_election.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/leader_election.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/leader_election.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/serviceaccount.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/serviceaccount.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/rbac/serviceaccount.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/rbac/serviceaccount.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/backup-job-scc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/backup-job-scc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/backup-job-scc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/backup-job-scc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/backupsession-cron-scc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/backupsession-cron-scc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/backupsession-cron-scc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/backupsession-cron-scc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/operator-scc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/operator-scc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/operator-scc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/operator-scc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/restore-job-scc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/restore-job-scc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/scc/restore-job-scc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/scc/restore-job-scc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/cert.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/cert.yaml new file mode 100644 index 0000000..00863f4 --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/cert.yaml @@ -0,0 +1,18 @@ +{{ template "kubestash-operator.prepare-certs" $ }} + +{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "kubestash-operator.fullname" . }}-cert + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubestash-operator.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + ca.crt: {{ $._caCrt }} + tls.crt: {{ $._serverCrt }} + tls.key: {{ $._serverKey }} + +{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/deployment.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/deployment.yaml similarity index 85% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/deployment.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/deployment.yaml index 09d74f9..fc0ef63 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/deployment.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/deployment.yaml @@ -25,7 +25,7 @@ spec: {{- include "kubestash-operator.selectorLabels" . | nindent 8 }} component: webhook-server annotations: - checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/webhook-server/cert.yaml") . | sha256sum }} + reload: {{ include (print $.Template.BasePath "/webhook-server/cert.yaml") . | sha256sum }} {{- if $criticalAddon }} scheduler.alpha.kubernetes.io/critical-pod: '' {{- end }} @@ -45,7 +45,13 @@ spec: - webhook-server - --config=/var/config/config.yaml ports: - - name: webhook-server + - containerPort: 8081 + name: probes + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + - name: https containerPort: 9443 protocol: TCP env: @@ -61,13 +67,13 @@ spec: readinessProbe: httpGet: path: /readyz - port: 8081 + port: probes initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /healthz - port: 8081 + port: probes initialDelaySeconds: 15 periodSeconds: 20 {{- end }} @@ -83,19 +89,6 @@ spec: readOnly: true - name: config mountPath: /var/config - - name: kube-rbac-proxy - image: "{{ include "rbacproxy.registry" . }}/{{ .Values.rbacproxy.repository }}:{{ .Values.rbacproxy.tag }}" - securityContext: - {{- toYaml .Values.rbacproxy.securityContext | nindent 10 }} - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - ports: - - containerPort: 8443 - name: https - protocol: TCP volumes: - name: tmpdir emptyDir: {} @@ -104,7 +97,7 @@ spec: - name: serving-cert secret: defaultMode: 420 - secretName: {{ include "kubestash-operator.fullname" . }}-webhook-cert + secretName: {{ include "kubestash-operator.fullname" . }}-cert - name: config configMap: name: {{ include "kubestash-operator.fullname" . }}-config diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/mutating_webhook.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/mutating_webhook.yaml similarity index 92% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/mutating_webhook.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/mutating_webhook.yaml index 5f71b1f..55609b2 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/mutating_webhook.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/mutating_webhook.yaml @@ -1,3 +1,5 @@ +{{ template "kubestash-operator.prepare-certs" $ }} + {{- if .Values.apiserver.enableMutatingWebhook }} apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration @@ -16,7 +18,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /mutate-storage-kubestash-com-v1alpha1-backupstorage - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: mbackupstorage.kb.io rules: @@ -37,7 +39,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /mutate-storage-kubestash-com-v1alpha1-retentionpolicy - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: mretentionpolicy.kb.io rules: @@ -58,7 +60,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /mutate-core-kubestash-com-v1alpha1-backupblueprint - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: mbackupblueprint.kb.io rules: @@ -79,7 +81,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /mutate-core-kubestash-com-v1alpha1-backupconfiguration - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: mbackupconfiguration.kb.io rules: @@ -100,7 +102,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /mutate-core-kubestash-com-v1alpha1-hooktemplate - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: mhooktemplate.kb.io rules: diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/network-policy.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/network-policy.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/network-policy.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/network-policy.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/monitoring/service.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/service.yaml similarity index 83% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/monitoring/service.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/service.yaml index 30608a7..9b3600d 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/monitoring/service.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "kubestash-operator.fullname" . }} + name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "kubestash-operator.labels" . | nindent 4 }} @@ -18,10 +18,15 @@ metadata: spec: ports: - name: https - port: 8443 + port: 443 protocol: TCP targetPort: https + - name: metrics + port: 8443 + protocol: TCP + targetPort: metrics selector: {{- include "kubestash-operator.selectorLabels" . | nindent 4 }} component: webhook-server -{{ end }} + +{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/monitoring/servicemonitor.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/servicemonitor.yaml similarity index 72% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/monitoring/servicemonitor.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/servicemonitor.yaml index 982fff3..92c154c 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/monitoring/servicemonitor.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/servicemonitor.yaml @@ -22,16 +22,24 @@ spec: {{- include "kubestash-operator.selectorLabels" . | nindent 6 }} endpoints: {{- if .Values.monitoring.operator }} - - port: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token path: /metrics + port: metrics scheme: https tlsConfig: ca: secret: - name: {{ include "kubestash-operator.fullname" . }}-webhook-cert + name: {{ include "kubestash-operator.fullname" . }}-cert + key: ca.crt + cert: + secret: + name: {{ include "kubestash-operator.fullname" . }}-cert key: tls.crt + insecureSkipVerify: false + keySecret: + name: {{ include "kubestash-operator.fullname" . }}-cert + key: tls.key serverName: "{{ include "kubestash-operator.fullname" . }}.{{ .Release.Namespace }}.svc" {{- end }} {{- end }} -{{ end }} +{{- end }} diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/validating_webhook.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/validating_webhook.yaml similarity index 92% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/validating_webhook.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/validating_webhook.yaml index 614cf23..78abecf 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/templates/webhook-server/validating_webhook.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/templates/webhook-server/validating_webhook.yaml @@ -1,3 +1,5 @@ +{{ template "kubestash-operator.prepare-certs" $ }} + {{- if .Values.apiserver.enableValidatingWebhook }} apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -16,7 +18,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-storage-kubestash-com-v1alpha1-backupstorage - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vbackupstorage.kb.io rules: @@ -37,7 +39,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-storage-kubestash-com-v1alpha1-repository - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vrepository.kb.io rules: @@ -58,7 +60,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-storage-kubestash-com-v1alpha1-retentionpolicy - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vretentionpolicy.kb.io rules: @@ -79,7 +81,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-core-kubestash-com-v1alpha1-backupbatch - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vbackupbatch.kb.io rules: @@ -100,7 +102,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-core-kubestash-com-v1alpha1-backupblueprint - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vbackupblueprint.kb.io rules: @@ -121,7 +123,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-core-kubestash-com-v1alpha1-backupconfiguration - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vbackupconfiguration.kb.io rules: @@ -142,7 +144,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-core-kubestash-com-v1alpha1-backupsession - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vbackupsession.kb.io rules: @@ -163,7 +165,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-core-kubestash-com-v1alpha1-hooktemplate - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vhooktemplate.kb.io rules: @@ -184,7 +186,7 @@ webhooks: name: {{ include "kubestash-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} path: /validate-core-kubestash-com-v1alpha1-restoresession - caBundle: {{ b64enc .Values.apiserver.ca }} + caBundle: {{ $._caCrt }} failurePolicy: Fail name: vrestoresession.kb.io rules: diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/values.openapiv3_schema.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/values.openapiv3_schema.yaml new file mode 100644 index 0000000..89538ff --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/values.openapiv3_schema.yaml @@ -0,0 +1,4012 @@ +properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to an update), the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are + ORed. + items: + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the + corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + bypassValidatingWebhookXray: + type: boolean + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + groupPriorityMinimum: + format: int32 + type: integer + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + useKubeapiserverFqdnForAks: + type: boolean + versionPriority: + format: int32 + type: integer + required: + - enableMutatingWebhook + - enableValidatingWebhook + - groupPriorityMinimum + - healthcheck + - servingCerts + - useKubeapiserverFqdnForAks + - versionPriority + type: object + cleaner: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + registry: + type: string + repository: + type: string + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + skip: + type: boolean + tag: + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + required: + - registry + - repository + - skip + - tag + type: object + criticalAddon: + type: boolean + env: + description: 'List of environment variables to set in the container. + + Cannot be updated.' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + + using the previously defined environment variables in the container and + + any service environment variables. If a variable cannot be resolved, + + the reference in the input string will be unchanged. Double $$ are reduced + + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + + Escaped references will never be expanded, regardless of whether the variable + + exists or not. + + Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used + if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits + and requests + + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: 'List of sources to populate environment variables in the container. + + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + + will be reported as an event when the container is starting. When a key exists + in multiple + + sources, the value associated with the last source will take precedence. + + Values defined by an Env with a duplicate key will take precedence. + + Cannot be updated.' + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + license: + type: string + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + type: string + backup: + type: boolean + operator: + type: boolean + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + netVolAccessor: + properties: + cpu: + type: string + memory: + type: string + privileged: + type: boolean + runAsUser: + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + platform: + properties: + openshift: + type: boolean + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + security: + properties: + apparmor: + properties: + enabled: + type: boolean + type: object + seccomp: + properties: + enabled: + type: boolean + type: object + required: + - apparmor + - seccomp + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' + type: string + type: object + type: array +required: +- cleaner +- imagePullPolicy +- monitoring +- operator +- registryFQDN +- replicaCount +- security +- serviceAccount +type: object diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/values.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/values.yaml similarity index 91% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/values.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/values.yaml index b10d9c2..264c1ff 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/charts/kubestash-operator/values.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/charts/kubestash-operator/values.yaml @@ -42,24 +42,6 @@ operator: seccompProfile: type: RuntimeDefault -rbacproxy: - # Docker registry used to pull operator image - registry: appscode - # Name of operator container image - repository: kube-rbac-proxy - # Operator container image tag - tag: v0.15.0 - # Security options this container should run with - securityContext: # +doc-gen:break - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - cleaner: # Docker registry used to pull Webhook cleaner image registry: appscode @@ -138,8 +120,6 @@ apiserver: enableMutatingWebhook: true # If true, validating webhook is configured for Stash CRDss enableValidatingWebhook: true - # CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator. - ca: not-ca-cert # If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. bypassValidatingWebhookXray: false # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/ci/ci-values.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/ci/ci-values.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/ci/ci-values.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/ci/ci-values.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/doc.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/doc.yaml similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/doc.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/doc.yaml diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/templates/NOTES.txt b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/templates/NOTES.txt similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/templates/NOTES.txt rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/templates/NOTES.txt diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/templates/_helpers.tpl b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/templates/_helpers.tpl similarity index 100% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/templates/_helpers.tpl rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/templates/_helpers.tpl diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/values.openapiv3_schema.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/values.openapiv3_schema.yaml new file mode 100644 index 0000000..4256197 --- /dev/null +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/values.openapiv3_schema.yaml @@ -0,0 +1,4293 @@ +properties: + ace-user-roles: + properties: + enableClusterRoles: + properties: + ace: + type: boolean + appcatalog: + type: boolean + catalog: + type: boolean + cert-manager: + type: boolean + kubedb: + type: boolean + kubedb-ui: + type: boolean + kubestash: + type: boolean + kubevault: + type: boolean + license-proxyserver: + type: boolean + metrics: + type: boolean + prometheus: + type: boolean + secrets-store: + type: boolean + stash: + type: boolean + virtual-secrets: + type: boolean + required: + - ace + - appcatalog + - catalog + - cert-manager + - kubedb + - kubedb-ui + - kubestash + - kubevault + - license-proxyserver + - metrics + - prometheus + - secrets-store + - stash + - virtual-secrets + type: object + enabled: + type: boolean + required: + - enabled + type: object + global: + properties: + imagePullSecrets: + items: + description: 'LocalObjectReference contains enough information to let you + locate the + + referenced object inside the same namespace.' + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value here + are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + license: + type: string + networkPolicy: + properties: + enabled: + type: boolean + required: + - enabled + type: object + registry: + type: string + registryFQDN: + type: string + skipCleaner: + type: boolean + required: + - license + - registry + - registryFQDN + - skipCleaner + type: object + kubestash-catalog: + properties: + enabled: + type: boolean + kubedump: + properties: + backup: + properties: + includeDependants: + type: boolean + labelSelector: + type: string + sanitize: + type: boolean + required: + - includeDependants + - labelSelector + - sanitize + type: object + enabled: + type: boolean + required: + - backup + - enabled + type: object + manifest: + properties: + enabled: + type: boolean + required: + - enabled + type: object + proxies: + properties: + ghcr: + description: ghcr.io + type: string + type: object + pvc: + properties: + enabled: + type: boolean + required: + - enabled + type: object + volumesnapshot: + properties: + enabled: + type: boolean + required: + - enabled + type: object + waitTimeout: + format: int64 + type: integer + workload: + properties: + enabled: + type: boolean + required: + - enabled + type: object + required: + - enabled + - kubedump + - manifest + - pvc + - volumesnapshot + - waitTimeout + - workload + type: object + kubestash-metrics: + properties: + enabled: + type: boolean + required: + - enabled + type: object + kubestash-operator: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to an update), the + system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: 'A null or empty node selector term matches no + objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will be + interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node that + is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling anti-affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and + adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + bypassValidatingWebhookXray: + type: boolean + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + groupPriorityMinimum: + format: int32 + type: integer + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + useKubeapiserverFqdnForAks: + type: boolean + versionPriority: + format: int32 + type: integer + required: + - enableMutatingWebhook + - enableValidatingWebhook + - groupPriorityMinimum + - healthcheck + - servingCerts + - useKubeapiserverFqdnForAks + - versionPriority + type: object + cleaner: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node + that is + + most preferred is the one with the greatest sum of weights, + i.e. + + for each node that meets all of the scheduling requirements + (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field + and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches all + objects with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op).' + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by + node's labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the + operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will + be interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by + node's fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the + operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will + be interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to + be met + + at some point during pod execution (e.g. due to an update), + the system + + may or may not try to eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: 'A null or empty node selector term matches + no objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the + NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements by + node's labels. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the + operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will + be interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by + node's fields. + items: + description: 'A node selector requirement is a selector + that contains values, a key, and an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' + type: string + values: + description: 'An array of string values. If the + operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator + is Gt or Lt, the values + + array must have a single element, which will + be interpreted as an integer. + + This array is replaced during a strategic merge + patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the affinity expressions specified by this field, but it may + choose + + a node that violates one or more of the expressions. The node + that is + + most preferred is the one with the greatest sum of weights, + i.e. + + for each node that meets all of the scheduling requirements + (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field + and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, + in this case pods. + + If it''s null, this PodAffinityTerm matches with no + Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists and + DoesNotExist.' + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If the + operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to + lookup values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will + be taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys + that don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label + keys to select which pods will + + be taken into consideration. The keys are used to + lookup values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will + be taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys + that don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces + that the term applies to. + + The term is applied to the union of the namespaces + selected by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists and + DoesNotExist.' + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If the + operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of + namespace names that the term applies to. + + The term is applied to the union of the namespaces + listed in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where + co-located is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the affinity requirements specified by this field cease to + be met + + at some point during pod execution (e.g. due to a pod label + update), the + + system may or may not try to eventually evict the pod from its + node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the + labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value + of + + the label with key matches that of any node + on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods to nodes + that satisfy + + the anti-affinity expressions specified by this field, but it + may choose + + a node that violates one or more of the expressions. The node + that is + + most preferred is the one with the greatest sum of weights, + i.e. + + for each node that meets all of the scheduling requirements + (resource + + request, requiredDuringScheduling anti-affinity expressions, + etc.), + + compute a sum by iterating through the elements of this field + and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: 'A label query over a set of resources, + in this case pods. + + If it''s null, this PodAffinityTerm matches with no + Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists and + DoesNotExist.' + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If the + operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to + lookup values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will + be taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys + that don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label + keys to select which pods will + + be taken into consideration. The keys are used to + lookup values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will + be taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys + that don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces + that the term applies to. + + The term is applied to the union of the namespaces + selected by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists and + DoesNotExist.' + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If the + operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of + namespace names that the term applies to. + + The term is applied to the union of the namespaces + listed in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where + co-located is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified by this + field are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod label + update), the + + system may or may not try to eventually evict the pod from its + node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' + items: + description: 'Defines a set of pods (namely those matching the + labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value + of + + the label with key matches that of any node + on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: 'A label query over a set of resources, in + this case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: 'MatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: 'MismatchLabelKeys is a set of pod label keys + to select which pods will + + be taken into consideration. The keys are used to lookup + values from the + + incoming pod labels, those key-value labels are merged + with `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be + taken into consideration + + for the incoming pod''s pod (anti) affinity. Keys that + don''t exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector + isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means + "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + registry: + type: string + repository: + type: string + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more + + privileges than its parent process. This bool directly controls + if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this + container. If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the + node that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will\ + \ be applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to + root on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for + the containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root + user. + + If true, the Kubelet will validate the image at runtime to ensure + that it + + does not run as UID 0 (root) and fail to start the container if + it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both + SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in + a file on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any + other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will + be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be + used. + + RuntimeDefault - the container runtime default profile should + be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be + run as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and + non-HostProcess containers). + + In addition, if HostProcess is true then HostNetwork must also + be set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of + the container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + skip: + type: boolean + tag: + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty + means match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. + Empty means match all taint keys. + + If the key is empty, operator must be Exists; this combination + means to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the + toleration (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates + the taint. By default, + + it is not set, which means tolerate the taint forever (do not + evict). Zero and + + negative values will be treated as 0 (evict immediately) by the + system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise + just a regular string.' + type: string + type: object + type: array + required: + - registry + - repository + - skip + - tag + type: object + criticalAddon: + type: boolean + enabled: + type: boolean + env: + description: 'List of environment variables to set in the container. + + Cannot be updated.' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + + using the previously defined environment variables in the container + and + + any service environment variables. If a variable cannot be resolved, + + the reference in the input string will be unchanged. Double $$ are + reduced + + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + + Escaped references will never be expanded, regardless of whether the + variable + + exists or not. + + Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be + used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests + + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) are currently + supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty + value here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: 'List of sources to populate environment variables in the container. + + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + + will be reported as an event when the container is starting. When a key + exists in multiple + + sources, the value associated with the last source will take precedence. + + Values defined by an Env with a duplicate key will take precedence. + + Cannot be updated.' + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: '' + description: 'Name of the referent. + + This field is effectively required, but due to backwards compatibility + is + + allowed to be empty. Instances of this type with an empty value + here are + + almost certainly wrong. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + license: + type: string + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + type: string + backup: + type: boolean + operator: + type: boolean + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + netVolAccessor: + properties: + cpu: + type: string + memory: + type: string + privileged: + type: boolean + runAsUser: + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the + referenced claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. + + If Requests is omitted for a container, it defaults to Limits if + that is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more + + privileges than its parent process. This bool directly controls + if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by this + container. If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the + node that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will\ + \ be applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + capabilities: + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to + root on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + procMount: + description: 'procMount denotes the type of proc mount to use for + the containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + readOnlyRootFilesystem: + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root + user. + + If true, the Kubelet will validate the image at runtime to ensure + that it + + does not run as UID 0 (root) and fail to start the container if + it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxOptions: + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in PodSecurityContext. If set in both + SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes + precedence. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in + a file on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any + other type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will + be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be + used. + + RuntimeDefault - the container runtime default profile should + be used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options from the PodSecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be + run as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and + non-HostProcess containers). + + In addition, if HostProcess is true then HostNetwork must also + be set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of + the container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + platform: + properties: + openshift: + type: boolean + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. + + Optional: Defaults to empty. See type description for default values of + each field.' + properties: + appArmorProfile: + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' + type: string + type: + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." + type: string + required: + - type + type: object + fsGroup: + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that + volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions + of any volume. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + + It will have no effect on ephemeral volume types such as: secret, configmaps + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + runAsNonRoot: + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' + type: boolean + runAsUser: + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' + format: int64 + type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux + label is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes + does not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the + container runtime. + + This may be slow for large volumes, but allows mixing privileged and + unprivileged Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount + option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all + CSI volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is + enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in + PodSecurityContext or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + seLinuxOptions: + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux + context for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in + SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' + properties: + localhostProfile: + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' + type: string + type: + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' + type: string + required: + - type + type: object + supplementalGroups: + description: 'A list of groups applied to the first process run in each + container, in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is + used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature + gate to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string + sysctls: + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will + be used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' + properties: + gmsaCredentialSpec: + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be + set to true.' + type: boolean + runAsUserName: + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + security: + properties: + apparmor: + properties: + enabled: + type: boolean + type: object + seccomp: + properties: + enabled: + type: boolean + type: object + required: + - apparmor + - seccomp + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: 'The pod this Toleration is attached to tolerates any taint + that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and + NoExecute.' + type: string + key: + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means + to match all values and all keys.' + type: string + operator: + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the + taint. By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' + format: int64 + type: integer + value: + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just + a regular string.' + type: string + type: object + type: array + required: + - cleaner + - enabled + - imagePullPolicy + - monitoring + - operator + - registryFQDN + - replicaCount + - security + - serviceAccount + type: object +required: +- global +type: object diff --git a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/values.yaml b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/values.yaml similarity index 96% rename from kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/values.yaml rename to kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/values.yaml index 80c15f8..cdcc07b 100644 --- a/kustomize/kubestash/base/charts/kubestash-v2025.2.10/kubestash/values.yaml +++ b/kustomize/kubestash/base/charts/kubestash-v2025.3.24/kubestash/values.yaml @@ -47,11 +47,13 @@ ace-user-roles: appcatalog: true catalog: false cert-manager: false - kubedb: false kubedb-ui: false + kubedb: false kubestash: true kubevault: false license-proxyserver: true metrics: true prometheus: false + secrets-store: false stash: false + virtual-secrets: false diff --git a/kustomize/kubestash/base/kustomization.yaml b/kustomize/kubestash/base/kustomization.yaml index 7ddf84d..ae720c5 100644 --- a/kustomize/kubestash/base/kustomization.yaml +++ b/kustomize/kubestash/base/kustomization.yaml @@ -13,5 +13,5 @@ helmCharts: enabled: false releaseName: kubestash namespace: kubestash - version: v2025.2.10 + version: v2025.3.24 repo: oci://ghcr.io/appscode-charts diff --git a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/Chart.yaml b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/Chart.yaml index f789c6d..8f17137 100644 --- a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/Chart.yaml +++ b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.0.17 +appVersion: v0.0.18 dependencies: - condition: ace-user-roles.enabled name: ace-user-roles diff --git a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/charts/ace-user-roles/templates/NOTES.txt b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/charts/ace-user-roles/templates/NOTES.txt index b6389aa..e69de29 100644 --- a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/charts/ace-user-roles/templates/NOTES.txt +++ b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/charts/ace-user-roles/templates/NOTES.txt @@ -1,3 +0,0 @@ -To verify that UI Server has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ace-user-roles.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/templates/apiregistration.yaml b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/templates/apiregistration.yaml index 15b9d37..30c3534 100644 --- a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/templates/apiregistration.yaml +++ b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/templates/apiregistration.yaml @@ -49,7 +49,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "panopticon.fullname" . }}-apiserver-auth-delegator + name: {{ include "panopticon.fullname" . }}-auth-delegator labels: {{- include "panopticon.labels" . | nindent 4 }} roleRef: diff --git a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/values.openapiv3_schema.yaml b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/values.openapiv3_schema.yaml index ba5114f..a4c4c65 100644 --- a/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/values.openapiv3_schema.yaml +++ b/kustomize/panopticon/base/charts/panopticon-v2025.3.14/panopticon/values.openapiv3_schema.yaml @@ -59,19 +59,31 @@ properties: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node matches the corresponding matchExpressions; + the + + node(s) with the highest sum are the most preferred.' items: - description: An empty preferred scheduling term matches all objects - with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling - term matches no objects (i.e. is also a no-op). + description: 'An empty preferred scheduling term matches all objects + with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term matches no + objects (i.e. is also a no-op).' properties: preference: description: A node selector term, associated with the corresponding @@ -81,26 +93,35 @@ properties: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' type: string values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' items: type: string type: array @@ -115,26 +136,35 @@ properties: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' type: string values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' items: type: string type: array @@ -159,44 +189,61 @@ properties: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. + + may or may not try to eventually evict the pod from its node.' properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches no objects. - The requirements of them are ANDed. The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. + description: 'A null or empty node selector term matches no objects. + The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.' properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' type: string values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' items: type: string type: array @@ -211,26 +258,35 @@ properties: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A node selector requirement is a selector that + contains values, a key, and an operator + + that relates the key and values.' properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: 'Represents a key''s relationship to a set + of values. + + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt.' type: string values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. If the operator is Gt or Lt, the - values array must have a single element, which will - be interpreted as an integer. This array is replaced - during a strategic merge patch. + description: 'An array of string values. If the operator + is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. If the operator is Gt + or Lt, the values + + array must have a single element, which will be interpreted + as an integer. + + This array is replaced during a strategic merge patch.' items: type: string type: array @@ -255,15 +311,25 @@ properties: pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the affinity expressions specified by this field, but it may - choose a node that violates one or more of the expressions. The node - that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), compute - a sum by iterating through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + + request, requiredDuringScheduling affinity expressions, etc.), + + compute a sum by iterating through the elements of this field and adding + + "weight" to the sum if the node has pods which matches the corresponding + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -273,33 +339,41 @@ properties: corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -313,79 +387,121 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -399,38 +515,54 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' format: int32 type: integer required: @@ -440,48 +572,71 @@ properties: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are - not met at scheduling time, the pod will not be scheduled onto the node. + description: 'If the affinity requirements specified by this field are + not met at + + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the pod from its node. + the + + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must be satisfied. + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' properties: labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -495,76 +650,120 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -578,31 +777,45 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means - "this pod's namespace". + "this pod''s namespace".' items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' type: string required: - topologyKey @@ -615,15 +828,25 @@ properties: this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that - satisfy the anti-affinity expressions specified by this field, but it - may choose a node that violates one or more of the expressions. The - node that is most preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements (resource + description: 'The scheduler will prefer to schedule pods to nodes that + satisfy + + the anti-affinity expressions specified by this field, but it may choose + + a node that violates one or more of the expressions. The node that is + + most preferred is the one with the greatest sum of weights, i.e. + + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are the most preferred. + podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -633,33 +856,41 @@ properties: corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this - case pods. If it's null, this PodAffinityTerm matches with - no Pods. + description: 'A label query over a set of resources, in this + case pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -673,79 +904,121 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are - used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key in - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys + and labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to - select which pods will be taken into consideration. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are merged with `labelSelector` as `key notin - (value)` to select the group of existing pods which pods will - be taken into consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming pod labels - will be ignored. The default value is empty. The same key - is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't - set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: 'MismatchLabelKeys is a set of pod label keys to + select which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys + and labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the - term applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces - field. null selector and null or empty namespaces list means - "this pod's namespace". An empty selector ({}) matches all - namespaces. + description: 'A label query over the set of namespaces that + the term applies to. + + The term is applied to the union of the namespaces selected + by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this + pod''s namespace". + + An empty selector ({}) matches all namespaces.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -759,38 +1032,54 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied to the - union of the namespaces listed in this field and the ones - selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: 'namespaces specifies a static list of namespace + names that the term applies to. + + The term is applied to the union of the namespaces listed + in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector means + "this pod''s namespace".' items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not - co-located (anti-affinity) with the pods matching the labelSelector - in the specified namespaces, where co-located is defined as - running on a node whose value of the label with key topologyKey - matches that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. + description: 'This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that + of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. + description: 'weight associated with matching the corresponding + podAffinityTerm, + + in the range 1-100.' format: int32 type: integer required: @@ -800,48 +1089,72 @@ properties: type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict the pod from - its node. When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: 'If the anti-affinity requirements specified by this field + are not met at + + scheduling time, the pod will not be scheduled onto the node. + + If the anti-affinity requirements specified by this field cease to be + met + + at some point during pod execution (e.g. due to a pod label update), + the + + system may or may not try to eventually evict the pod from its node. + + When there are multiple elements, the lists of nodes corresponding to + each + + podAffinityTerm are intersected, i.e. all terms must be satisfied.' items: - description: Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: 'Defines a set of pods (namely those matching the labelSelector + + relative to the given namespace(s)) that this pod should be + + co-located (affinity) or not co-located (anti-affinity) with, + + where co-located is defined as running on a node whose value of + + the label with key matches that of any node on which + + a pod of the set of pods is running' properties: labelSelector: - description: A label query over a set of resources, in this case - pods. If it's null, this PodAffinityTerm matches with no Pods. + description: 'A label query over a set of resources, in this case + pods. + + If it''s null, this PodAffinityTerm matches with no Pods.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -855,76 +1168,120 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key in (value)` to - select the group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. Keys - that don't exist in the incoming pod labels will be ignored. The - default value is empty. The same key is forbidden to exist in - both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot - be set when labelSelector isn't set. This is an alpha field and - requires enabling MatchLabelKeysInPodAffinity feature gate. + description: 'MatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key in (value)` + + to select the group of existing pods which pods will be taken + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both matchLabelKeys and + labelSelector. + + Also, matchLabelKeys cannot be set when labelSelector isn''t set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label keys to select - which pods will be taken into consideration. The keys are used - to lookup values from the incoming pod labels, those key-value - labels are merged with `labelSelector` as `key notin (value)` + description: 'MismatchLabelKeys is a set of pod label keys to select + which pods will + + be taken into consideration. The keys are used to lookup values + from the + + incoming pod labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` + to select the group of existing pods which pods will be taken - into consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will be ignored. - The default value is empty. The same key is forbidden to exist - in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys - cannot be set when labelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity feature gate. + into consideration + + for the incoming pod''s pod (anti) affinity. Keys that don''t + exist in the incoming + + pod labels will be ignored. The default value is empty. + + The same key is forbidden to exist in both mismatchLabelKeys and + labelSelector. + + Also, mismatchLabelKeys cannot be set when labelSelector isn''t + set. + + This is a beta field and requires enabling MatchLabelKeysInPodAffinity + feature gate (enabled by default).' items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term - applies to. The term is applied to the union of the namespaces - selected by this field and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: 'A label query over the set of namespaces that the + term applies to. + + The term is applied to the union of the namespaces selected by + this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list means "this pod''s + namespace". + + An empty selector ({}) matches all namespaces.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' items: type: string type: array @@ -938,31 +1295,45 @@ properties: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names - that the term applies to. The term is applied to the union of - the namespaces listed in this field and the ones selected by namespaceSelector. + description: 'namespaces specifies a static list of namespace names + that the term applies to. + + The term is applied to the union of the namespaces listed in this + field + + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means - "this pod's namespace". + "this pod''s namespace".' items: type: string type: array x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located - (anti-affinity) with the pods matching the labelSelector in the - specified namespaces, where co-located is defined as running on - a node whose value of the label with key topologyKey matches that - of any node on which any of the selected pods is running. Empty - topologyKey is not allowed. + description: 'This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching + + the labelSelector in the specified namespaces, where co-located + is defined as running on a node + + whose value of the label with key topologyKey matches that of + any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' type: string required: - topologyKey @@ -1024,35 +1395,54 @@ properties: properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' properties: localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' type: string type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." type: string required: - type type: object capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' properties: add: description: Added capabilities @@ -1070,52 +1460,88 @@ properties: x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. + description: 'Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' properties: level: description: Level is SELinux level label that applies to the container. @@ -1131,59 +1557,90 @@ properties: type: string type: object seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' properties: localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' type: string type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all containers. + description: 'The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook + description: 'GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + In addition, if HostProcess is true then HostNetwork must also be - set to true. + set to true.' type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' type: string type: object type: object @@ -1211,17 +1668,35 @@ properties: description: Compute Resources required by the sidecar container. properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\ - \ that are used by this container. \n This is an alpha field and requires\ - \ enabling the DynamicResourceAllocation feature gate. \n This field\ - \ is immutable. It can only be set for containers." + description: 'Claims lists the names of resources, defined in spec.resourceClaims, + + that are used by this container. + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers.' items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource available - inside a container. + description: 'Name must match the name of one entry in pod.spec.resourceClaims + of + + the Pod where this field is used. It makes that resource available + + inside a container.' + type: string + request: + description: 'Request is the name chosen for a request in the referenced + claim. + + If empty, everything from the claim is made available, otherwise + + only the result of this request.' type: string required: - name @@ -1238,7 +1713,9 @@ properties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1248,9 +1725,15 @@ properties: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + required. + + If Requests is omitted for a container, it defaults to Limits if that + is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot exceed + Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1258,35 +1741,54 @@ properties: properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a process can - gain more privileges than its parent process. This bool directly controls - if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN + gain more + + privileges than its parent process. This bool directly controls if + + the no_new_privs flag will be set on the container process. + + AllowPrivilegeEscalation is true always when the container is: + + 1) run as Privileged + + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows.' type: boolean appArmorProfile: - description: appArmorProfile is the AppArmor options to use by this container. - If set, this profile overrides the pod's appArmorProfile. Note that - this field cannot be set when spec.os.name is windows. + description: 'appArmorProfile is the AppArmor options to use by this container. + If set, this profile + + overrides the pod''s appArmorProfile. + + Note that this field cannot be set when spec.os.name is windows.' properties: localhostProfile: - description: localhostProfile indicates a profile loaded on the node - that should be used. The profile must be preconfigured on the node - to work. Must match the loaded name of the profile. Must be set - if and only if type is "Localhost". + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' type: string type: - description: 'type indicates which kind of AppArmor profile will be - applied. Valid options are: Localhost - a profile pre-loaded on - the node. RuntimeDefault - the container runtime''s default profile. - Unconfined - no AppArmor enforcement.' + description: "type indicates which kind of AppArmor profile will be\ + \ applied.\nValid options are:\n Localhost - a profile pre-loaded\ + \ on the node.\n RuntimeDefault - the container runtime's default\ + \ profile.\n Unconfined - no AppArmor enforcement." type: string required: - type type: object capabilities: - description: The capabilities to add/drop when running containers. Defaults - to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. + description: 'The capabilities to add/drop when running containers. + + Defaults to the default set of capabilities granted by the container + runtime. + + Note that this field cannot be set when spec.os.name is windows.' properties: add: description: Added capabilities @@ -1304,52 +1806,88 @@ properties: x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name is windows. + description: 'Run container in privileged mode. + + Processes in privileged containers are essentially equivalent to root + on the host. + + Defaults to false. + + Note that this field cannot be set when spec.os.name is windows.' type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults - for readonly paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot be set when - spec.os.name is windows. + description: 'procMount denotes the type of proc mount to use for the + containers. + + The default value is Default which uses the container runtime defaults + for + + readonly paths and masked paths. + + This requires the ProcMountType feature flag to be enabled. + + Note that this field cannot be set when spec.os.name is windows.' type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default - is false. Note that this field cannot be set when spec.os.name is windows. + description: 'Whether this container has a read-only root filesystem. + + Default is false. + + Note that this field cannot be set when spec.os.name is windows.' type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is windows. + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. + description: 'Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that - it does not run as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be performed. May also - be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, - the container runtime will allocate a random SELinux context for each + description: 'The SELinux context to be applied to the container. + + If unspecified, the container runtime will allocate a random SELinux + context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. Note that this field cannot be set when spec.os.name is - windows. + and + + PodSecurityContext, the value specified in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is windows.' properties: level: description: Level is SELinux level label that applies to the container. @@ -1365,59 +1903,90 @@ properties: type: string type: object seccompProfile: - description: The seccomp options to use by this container. If seccomp - options are provided at both the pod & container level, the container - options override the pod options. Note that this field cannot be set - when spec.os.name is windows. + description: 'The seccomp options to use by this container. If seccomp + options are + + provided at both the pod & container level, the container options + + override the pod options. + + Note that this field cannot be set when spec.os.name is windows.' properties: localhostProfile: - description: localhostProfile indicates a profile defined in a file - on the node should be used. The profile must be preconfigured on - the node to work. Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. + description: 'localhostProfile indicates a profile defined in a file + on the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured + seccomp profile location. + + Must be set if type is "Localhost". Must NOT be set for any other + type.' type: string type: - description: "type indicates which kind of seccomp profile will be\ - \ applied. Valid options are: \n Localhost - a profile defined in\ - \ a file on the node should be used. RuntimeDefault - the container\ - \ runtime default profile should be used. Unconfined - no profile\ - \ should be applied." + description: 'type indicates which kind of seccomp profile will be + applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be + used. + + Unconfined - no profile should be applied.' type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all containers. + description: 'The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note that this field cannot be - set when spec.os.name is linux. + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook + description: 'GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents - of the GMSA credential spec named by the GMSACredentialSpecName - field. + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should be run as - a 'Host Process' container. All of a Pod's containers must have - the same effective HostProcess value (it is not allowed to have - a mix of HostProcess containers and non-HostProcess containers). + description: 'HostProcess determines if a container should be run + as a ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + In addition, if HostProcess is true then HostNetwork must also be - set to true. + set to true.' type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint of the - container process. Defaults to the user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: 'The UserName in Windows to run the entrypoint of the + container process. + + Defaults to the user specified in image metadata if unspecified. + + May also be set in PodSecurityContext. If set in both SecurityContext + and + + PodSecurityContext, the value specified in SecurityContext takes + precedence.' type: string type: object type: object @@ -1481,77 +2050,184 @@ properties: type: object podSecurityContext: description: 'PodSecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description for default - values of each field.' + container settings. + + Optional: Defaults to empty. See type description for default values of each + field.' properties: appArmorProfile: - description: appArmorProfile is the AppArmor options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name is windows. + description: 'appArmorProfile is the AppArmor options to use by the containers + in this pod. + + Note that this field cannot be set when spec.os.name is windows.' properties: localhostProfile: - description: localhostProfile indicates a profile loaded on the node that - should be used. The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. Must be set if and only if - type is "Localhost". + description: 'localhostProfile indicates a profile loaded on the node + that should be used. + + The profile must be preconfigured on the node to work. + + Must match the loaded name of the profile. + + Must be set if and only if type is "Localhost".' type: string type: - description: 'type indicates which kind of AppArmor profile will be applied. - Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - - the container runtime''s default profile. Unconfined - no AppArmor - enforcement.' + description: "type indicates which kind of AppArmor profile will be applied.\n\ + Valid options are:\n Localhost - a profile pre-loaded on the node.\n\ + \ RuntimeDefault - the container runtime's default profile.\n Unconfined\ + \ - no AppArmor enforcement." type: string required: - type type: object fsGroup: - description: "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1. The owning GID will be the\ - \ FSGroup 2. The setgid bit is set (new files created in the volume will\ - \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\ - \ If unset, the Kubelet will not modify the ownership and permissions of\ - \ any volume. Note that this field cannot be set when spec.os.name is windows." + description: 'A special supplemental group that applies to all containers + in a pod. + + Some volume types allow the Kubelet to change the ownership of that volume + + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + + 2. The setgid bit is set (new files created in the volume will be owned + by FSGroup) + + 3. The permission bits are OR''d with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any + volume. + + Note that this field cannot be set when spec.os.name is windows.' format: int64 type: integer fsGroupChangePolicy: description: 'fsGroupChangePolicy defines behavior of changing ownership and - permission of the volume before being exposed inside Pod. This field will - only apply to volume types which support fsGroup based ownership(and permissions). + permission of the volume + + before being exposed inside Pod. This field will only apply to + + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set when spec.os.name is - windows.' + + and emptydir. + + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" + is used. + + Note that this field cannot be set when spec.os.name is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. Uses - runtime default if unset. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot be set - when spec.os.name is windows. + description: 'The GID to run the entrypoint of the container process. + + Uses runtime default if unset. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If - true, the Kubelet will validate the image at runtime to ensure that it does - not run as UID 0 (root) and fail to start the container if it does. If unset - or false, no such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: 'Indicates that the container must run as a non-root user. + + If true, the Kubelet will validate the image at runtime to ensure that it + + does not run as UID 0 (root) and fail to start the container if it does. + + If unset or false, no such validation will be performed. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. + description: 'The UID to run the entrypoint of the container process. + + Defaults to user specified in image metadata if unspecified. + + May also be set in SecurityContext. If set in both SecurityContext and + + PodSecurityContext, the value specified in SecurityContext takes precedence + + for that container. + + Note that this field cannot be set when spec.os.name is windows.' format: int64 type: integer + seLinuxChangePolicy: + description: 'seLinuxChangePolicy defines how the container''s SELinux label + is applied to all volumes used by the Pod. + + It has no effect on nodes that do not support SELinux or to volumes does + not support SELinux. + + Valid values are "MountOption" and "Recursive". + + + "Recursive" means relabeling of all files on all Pod volumes by the container + runtime. + + This may be slow for large volumes, but allows mixing privileged and unprivileged + Pods sharing the same volume on the same node. + + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + + This requires all Pods that share the same volume to use the same SELinux + label. + + It is not possible to share the same volume among privileged and unprivileged + Pods. + + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI + volumes + + whose CSI driver announces SELinux support by setting spec.seLinuxMount: + true in their + + CSIDriver instance. Other volumes are always re-labelled recursively. + + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + + If not specified and SELinuxMount feature gate is enabled, "MountOption" + is used. + + If not specified and SELinuxMount feature gate is disabled, "MountOption" + is used for ReadWriteOncePod volumes + + and "Recursive" for all other volumes. + + + This field affects only Pods that have SELinux label set, either in PodSecurityContext + or in SecurityContext of all containers. + + + All Pods that use the same volume should use the same seLinuxChangePolicy, + otherwise some pods can get stuck in ContainerCreating state. + + Note that this field cannot be set when spec.os.name is windows.' + type: string seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: 'The SELinux context to be applied to all containers. + + If unspecified, the container runtime will allocate a random SELinux context + for each + + container. May also be set in SecurityContext. If set in + + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + + takes precedence for that container. + + Note that this field cannot be set when spec.os.name is windows.' properties: level: description: Level is SELinux level label that applies to the container. @@ -1567,43 +2243,80 @@ properties: type: string type: object seccompProfile: - description: The seccomp options to use by the containers in this pod. Note - that this field cannot be set when spec.os.name is windows. + description: 'The seccomp options to use by the containers in this pod. + + Note that this field cannot be set when spec.os.name is windows.' properties: localhostProfile: - description: localhostProfile indicates a profile defined in a file on - the node should be used. The profile must be preconfigured on the node - to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". Must NOT - be set for any other type. + description: 'localhostProfile indicates a profile defined in a file on + the node should be used. + + The profile must be preconfigured on the node to work. + + Must be a descending path, relative to the kubelet''s configured seccomp + profile location. + + Must be set if type is "Localhost". Must NOT be set for any other type.' type: string type: - description: "type indicates which kind of seccomp profile will be applied.\ - \ Valid options are: \n Localhost - a profile defined in a file on the\ - \ node should be used. RuntimeDefault - the container runtime default\ - \ profile should be used. Unconfined - no profile should be applied." + description: 'type indicates which kind of seccomp profile will be applied. + + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + + RuntimeDefault - the container runtime default profile should be used. + + Unconfined - no profile should be applied.' type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process run in each container, - in addition to the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container image for the uid of the - container process. If unspecified, no additional groups are added to any - container. Note that group memberships defined in the container image for - the uid of the container process are still effective, even if they are not - included in this list. Note that this field cannot be set when spec.os.name - is windows. + description: 'A list of groups applied to the first process run in each container, + in + + addition to the container''s primary GID and fsGroup (if specified). If + + the SupplementalGroupsPolicy feature is enabled, the + + supplementalGroupsPolicy field determines whether these are in addition + + to or instead of any group memberships defined in the container image. + + If unspecified, no additional groups are added, though group memberships + + defined in the container image may still be used, depending on the + + supplementalGroupsPolicy field. + + Note that this field cannot be set when spec.os.name is windows.' items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: 'Defines how supplemental groups of the first container processes + are calculated. + + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate + to be enabled + + and the container runtime must implement support for this feature. + + Note that this field cannot be set when spec.os.name is windows.' + type: string sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods - with unsupported sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. + description: 'Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported + + sysctls (by the container runtime) might fail to launch. + + Note that this field cannot be set when spec.os.name is windows.' items: description: Sysctl defines a kernel parameter to be set properties: @@ -1620,34 +2333,51 @@ properties: type: array x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, - the options within a container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name is - linux. + description: 'The Windows specific settings applied to all containers. + + If unspecified, the options within a container''s SecurityContext will be + used. + + If set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + + Note that this field cannot be set when spec.os.name is linux.' properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName - field. + description: 'GMSACredentialSpec is where the GMSA admission webhook + + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the + + GMSA credential spec named by the GMSACredentialSpecName field.' type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should be run as a - 'Host Process' container. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + description: 'HostProcess determines if a container should be run as a + ''Host Process'' container. + + All of a Pod''s containers must have the same effective HostProcess + value + + (it is not allowed to have a mix of HostProcess containers and non-HostProcess + containers). + + In addition, if HostProcess is true then HostNetwork must also be set + to true.' type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint of the container - process. Defaults to the user specified in image metadata if unspecified. + description: 'The UserName in Windows to run the entrypoint of the container + process. + + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes - precedence. + and + + PodSecurityContext, the value specified in SecurityContext takes precedence.' type: string type: object type: object @@ -1672,37 +2402,51 @@ properties: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any taint that - matches the triple using the matching operator . + description: 'The pod this Toleration is attached to tolerates any taint that + matches + + the triple using the matching operator .' properties: effect: - description: Effect indicates the taint effect to match. Empty means match - all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. + description: 'Effect indicates the taint effect to match. Empty means match + all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.' type: string key: - description: Key is the taint key that the toleration applies to. Empty - means match all taint keys. If the key is empty, operator must be Exists; - this combination means to match all values and all keys. + description: 'Key is the taint key that the toleration applies to. Empty + means match all taint keys. + + If the key is empty, operator must be Exists; this combination means to + match all values and all keys.' type: string operator: - description: Operator represents a key's relationship to the value. Valid - operators are Exists and Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate all taints of a particular - category. + description: 'Operator represents a key''s relationship to the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod can + + tolerate all taints of a particular category.' type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration - (which must be of effect NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will be treated as 0 (evict immediately) - by the system. + description: 'TolerationSeconds represents the period of time the toleration + (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates the taint. + By default, + + it is not set, which means tolerate the taint forever (do not evict). + Zero and + + negative values will be treated as 0 (evict immediately) by the system.' format: int64 type: integer value: - description: Value is the taint value the toleration matches to. If the - operator is Exists, the value should be empty, otherwise just a regular - string. + description: 'Value is the taint value the toleration matches to. + + If the operator is Exists, the value should be empty, otherwise just a + regular string.' type: string type: object type: array