kubectl:
./deploy/kubectl/kubectl.sh deploy
+yq:
+ ./deploy/yq.sh deploy
+
# Provisioning network configuration in the jump server
ironic_bridge:
pushd $(SDWAN_VERIFIER_PATH) && bash sdwan_verifier.sh && popd
# Development targets
-source: flux_cli kubectl kustomize
+source: flux_cli kubectl kustomize yq
./deploy/baremetal-operator/baremetal-operator.sh build-source
+ ./deploy/cdi-operator/cdi-operator.sh build-source
+ ./deploy/cdi/cdi.sh build-source
./deploy/cert-manager/cert-manager.sh build-source
./deploy/cluster/cluster.sh build-source
+ ./deploy/cpu-manager/cpu-manager.sh build-source
./deploy/ironic/ironic.sh build-source
./deploy/kata/kata.sh build-source
+ ./deploy/kubevirt-operator/kubevirt-operator.sh build-source
+ ./deploy/kubevirt/kubevirt.sh build-source
+ ./deploy/multus-cni/multus-cni.sh build-source
+ ./deploy/nodus/nodus.sh build-source
+ ./deploy/qat-plugin/qat-plugin.sh build-source
local -r addon=$1
local -r cluster_name=${CLUSTER_NAME:-icn}
local -r cluster_kubeconfig="${BUILDDIR}/${cluster_name}.conf"
- [[ $(kubectl --kubeconfig=${cluster_kubeconfig} -n kud get HelmRelease/${addon} -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') == "True" ]]
+ [[ $(kubectl --kubeconfig=${cluster_kubeconfig} -n kud get Kustomization/${addon} -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') == "True" ]]
}
function test_addons {
# security hardening.
if [[ "${container_runtime}" == "containerd://1.2.13" ]]; then
# With containerd 1.2.13, the qat test container image fails to unpack.
- kud_tests="topology-manager-sriov:sriov-network multus:multus-cni ovn4nfv:ovn4nfv-network nfd:node-feature-discovery sriov-network:sriov-network cmk:cpu-manager"
+ kud_tests="topology-manager-sriov:sriov-network multus:multus-cni ovn4nfv:nodus-network nfd:node-feature-discovery sriov-network:sriov-network cmk:cpu-manager"
else
- kud_tests="topology-manager-sriov:sriov-network multus:multus-cni ovn4nfv:ovn4nfv-network nfd:node-feature-discovery sriov-network:sriov-network qat:qat-device-plugin cmk:cpu-manager"
+ kud_tests="topology-manager-sriov:sriov-network multus:multus-cni ovn4nfv:nodus-network nfd:node-feature-discovery sriov-network:sriov-network qat:qat-plugin cmk:cpu-manager"
fi
for kud_test in ${kud_tests}; do
addon="${kud_test#*:}"
--- /dev/null
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cdi.kubevirt.io: ""
+ name: cdi
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ name: cdis.cdi.kubevirt.io
+spec:
+ group: cdi.kubevirt.io
+ names:
+ kind: CDI
+ listKind: CDIList
+ plural: cdis
+ shortNames:
+ - cdi
+ - cdis
+ singular: cdi
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: CDI is the CDI Operator CRD
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CDISpec defines our specification for the CDI installation
+ properties:
+ certConfig:
+ description: certificate configuration
+ properties:
+ ca:
+ description: CA configuration CA certs are kept in the CA bundle
+ as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's `notAfter` time that we will begin to attempt
+ to renew the certificate.
+ type: string
+ type: object
+ server:
+ description: Server configuration Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's `notAfter` time that we will begin to attempt
+ to renew the certificate.
+ type: string
+ type: object
+ type: object
+ cloneStrategyOverride:
+ description: 'Clone strategy override: should we use a host-assisted
+ copy even if snapshots are available?'
+ enum:
+ - copy
+ - snapshot
+ type: string
+ config:
+ description: CDIConfig at CDI level
+ properties:
+ featureGates:
+ description: FeatureGates are a list of specific enabled feature
+ gates
+ items:
+ type: string
+ type: array
+ filesystemOverhead:
+ description: FilesystemOverhead describes the space reserved for
+ overhead when using Filesystem volumes. A value is between 0
+ and 1, if not defined it is 0.055 (5.5% overhead)
+ properties:
+ global:
+ description: Global is how much space of a Filesystem volume
+ should be reserved for overhead. This value is used unless
+ overridden by a more specific value (per storageClass)
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ storageClass:
+ additionalProperties:
+ description: 'Percent is a string that can only be a value
+ between [0,1) (Note: we actually rely on reconcile to
+ reject invalid values)'
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ description: StorageClass specifies how much space of a Filesystem
+ volume should be reserved for safety. The keys are the storageClass
+ and the values are the overhead. This value overrides the
+ global value
+ type: object
+ type: object
+ importProxy:
+ description: ImportProxy contains importer pod proxy configuration.
+ properties:
+ HTTPProxy:
+ description: HTTPProxy is the URL http://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTP requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ HTTPSProxy:
+ description: HTTPSProxy is the URL https://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTPS requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ noProxy:
+ description: NoProxy is a comma-separated list of hostnames
+ and/or CIDRs for which the proxy should not be used. Empty
+ means unset and will not result in the import pod env var.
+ type: string
+ trustedCAProxy:
+ description: "TrustedCAProxy is the name of a ConfigMap in
+ the cdi namespace that contains a user-provided trusted
+ certificate authority (CA) bundle. The TrustedCAProxy field
+ is consumed by the import controller that is resposible
+ for coping it to a config map named trusted-ca-proxy-bundle-cm
+ in the cdi namespace. Here is an example of the ConfigMap
+ (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name:
+ trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem:
+ | -----BEGIN CERTIFICATE----- \t ... <base64 encoded
+ cert> ... \t -----END CERTIFICATE-----"
+ type: string
+ type: object
+ insecureRegistries:
+ description: InsecureRegistries is a list of TLS disabled registries
+ items:
+ type: string
+ type: array
+ podResourceRequirements:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ preallocation:
+ description: Preallocation controls whether storage for DataVolumes
+ should be allocated in advance.
+ type: boolean
+ scratchSpaceStorageClass:
+ description: 'Override the storage class to used for scratch space
+ during transfer operations. The scratch space storage class
+ is determined in the following order: 1. value of scratchSpaceStorageClass,
+ if that doesn''t exist, use the default storage class, if there
+ is no default storage class, use the storage class of the DataVolume,
+ if no storage class specified, use no storage class for scratch
+ space'
+ type: string
+ uploadProxyURLOverride:
+ description: Override the URL used when uploading to a DataVolume
+ type: string
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull a container
+ image
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ infra:
+ description: Rules on which nodes CDI infrastructure pods will be
+ scheduled
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed with
+ nodeSelector. affinity is going to be applied to the relevant
+ kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to the
+ relevant kind of pods It specifies a map of key-value pairs:
+ for the pod to be eligible to run on a node, the node must have
+ each of the indicated key-value pairs as labels (it can have
+ additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied to the
+ relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than default
+ ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ uninstallStrategy:
+ description: CDIUninstallStrategy defines the state to leave CDI on
+ uninstall
+ enum:
+ - RemoveWorkloads
+ - BlockUninstallIfWorkloadsExist
+ type: string
+ workload:
+ description: Restrict on which nodes CDI workload pods will be scheduled
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed with
+ nodeSelector. affinity is going to be applied to the relevant
+ kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to the
+ relevant kind of pods It specifies a map of key-value pairs:
+ for the pod to be eligible to run on a node, the node must have
+ each of the indicated key-value pairs as labels (it can have
+ additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied to the
+ relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than default
+ ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: CDIStatus defines the status of the installation
+ properties:
+ conditions:
+ description: A list of current conditions of the resource
+ items:
+ description: Condition represents the state of the operator's reconciliation
+ functionality.
+ properties:
+ lastHeartbeatTime:
+ format: date-time
+ type: string
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType is the state of the operator's reconciliation
+ functionality.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedVersion:
+ description: The observed version of the resource
+ type: string
+ operatorVersion:
+ description: The version of the resource as defined by the operator
+ type: string
+ phase:
+ description: Phase is the current phase of the deployment
+ type: string
+ targetVersion:
+ description: The desired version of the resource
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: CDI is the CDI Operator CRD
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CDISpec defines our specification for the CDI installation
+ properties:
+ certConfig:
+ description: certificate configuration
+ properties:
+ ca:
+ description: CA configuration CA certs are kept in the CA bundle
+ as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's `notAfter` time that we will begin to attempt
+ to renew the certificate.
+ type: string
+ type: object
+ server:
+ description: Server configuration Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's `notAfter` time that we will begin to attempt
+ to renew the certificate.
+ type: string
+ type: object
+ type: object
+ cloneStrategyOverride:
+ description: 'Clone strategy override: should we use a host-assisted
+ copy even if snapshots are available?'
+ enum:
+ - copy
+ - snapshot
+ type: string
+ config:
+ description: CDIConfig at CDI level
+ properties:
+ featureGates:
+ description: FeatureGates are a list of specific enabled feature
+ gates
+ items:
+ type: string
+ type: array
+ filesystemOverhead:
+ description: FilesystemOverhead describes the space reserved for
+ overhead when using Filesystem volumes. A value is between 0
+ and 1, if not defined it is 0.055 (5.5% overhead)
+ properties:
+ global:
+ description: Global is how much space of a Filesystem volume
+ should be reserved for overhead. This value is used unless
+ overridden by a more specific value (per storageClass)
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ storageClass:
+ additionalProperties:
+ description: 'Percent is a string that can only be a value
+ between [0,1) (Note: we actually rely on reconcile to
+ reject invalid values)'
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ description: StorageClass specifies how much space of a Filesystem
+ volume should be reserved for safety. The keys are the storageClass
+ and the values are the overhead. This value overrides the
+ global value
+ type: object
+ type: object
+ importProxy:
+ description: ImportProxy contains importer pod proxy configuration.
+ properties:
+ HTTPProxy:
+ description: HTTPProxy is the URL http://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTP requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ HTTPSProxy:
+ description: HTTPSProxy is the URL https://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTPS requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ noProxy:
+ description: NoProxy is a comma-separated list of hostnames
+ and/or CIDRs for which the proxy should not be used. Empty
+ means unset and will not result in the import pod env var.
+ type: string
+ trustedCAProxy:
+ description: "TrustedCAProxy is the name of a ConfigMap in
+ the cdi namespace that contains a user-provided trusted
+ certificate authority (CA) bundle. The TrustedCAProxy field
+ is consumed by the import controller that is resposible
+ for coping it to a config map named trusted-ca-proxy-bundle-cm
+ in the cdi namespace. Here is an example of the ConfigMap
+ (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name:
+ trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem:
+ | -----BEGIN CERTIFICATE----- \t ... <base64 encoded
+ cert> ... \t -----END CERTIFICATE-----"
+ type: string
+ type: object
+ insecureRegistries:
+ description: InsecureRegistries is a list of TLS disabled registries
+ items:
+ type: string
+ type: array
+ podResourceRequirements:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ preallocation:
+ description: Preallocation controls whether storage for DataVolumes
+ should be allocated in advance.
+ type: boolean
+ scratchSpaceStorageClass:
+ description: 'Override the storage class to used for scratch space
+ during transfer operations. The scratch space storage class
+ is determined in the following order: 1. value of scratchSpaceStorageClass,
+ if that doesn''t exist, use the default storage class, if there
+ is no default storage class, use the storage class of the DataVolume,
+ if no storage class specified, use no storage class for scratch
+ space'
+ type: string
+ uploadProxyURLOverride:
+ description: Override the URL used when uploading to a DataVolume
+ type: string
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull a container
+ image
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ infra:
+ description: Rules on which nodes CDI infrastructure pods will be
+ scheduled
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed with
+ nodeSelector. affinity is going to be applied to the relevant
+ kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to the
+ relevant kind of pods It specifies a map of key-value pairs:
+ for the pod to be eligible to run on a node, the node must have
+ each of the indicated key-value pairs as labels (it can have
+ additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied to the
+ relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than default
+ ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ priorityClass:
+ description: PriorityClass of the CDI control plane
+ type: string
+ uninstallStrategy:
+ description: CDIUninstallStrategy defines the state to leave CDI on
+ uninstall
+ enum:
+ - RemoveWorkloads
+ - BlockUninstallIfWorkloadsExist
+ type: string
+ workload:
+ description: Restrict on which nodes CDI workload pods will be scheduled
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed with
+ nodeSelector. affinity is going to be applied to the relevant
+ kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces. This field is beta-level
+ and is only honored when PodAffinityNamespaceSelector
+ feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to the
+ relevant kind of pods It specifies a map of key-value pairs:
+ for the pod to be eligible to run on a node, the node must have
+ each of the indicated key-value pairs as labels (it can have
+ additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied to the
+ relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than default
+ ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: CDIStatus defines the status of the installation
+ properties:
+ conditions:
+ description: A list of current conditions of the resource
+ items:
+ description: Condition represents the state of the operator's reconciliation
+ functionality.
+ properties:
+ lastHeartbeatTime:
+ format: date-time
+ type: string
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType is the state of the operator's reconciliation
+ functionality.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedVersion:
+ description: The observed version of the resource
+ type: string
+ operatorVersion:
+ description: The version of the resource as defined by the operator
+ type: string
+ phase:
+ description: Phase is the current phase of the deployment
+ type: string
+ targetVersion:
+ description: The desired version of the resource
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ operator.cdi.kubevirt.io: ""
+ name: cdi-operator-cluster
+rules:
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ verbs:
+ - '*'
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - cdi.kubevirt.io
+ - upload.cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - '*'
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - '*'
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datavolumes
+ verbs:
+ - list
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datasources
+ verbs:
+ - list
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - cdis
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - cdis/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ - persistentvolumeclaims
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/finalizers
+ - pods/finalizers
+ - volumesnapshots/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ - csidrivers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.openshift.io
+ resources:
+ - proxies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - scheduling.k8s.io
+ resources:
+ - priorityclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - image.openshift.io
+ resources:
+ - imagestreams
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - dataimportcrons
+ verbs:
+ - get
+ - list
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ operator.cdi.kubevirt.io: ""
+ name: cdi-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cdi-operator-cluster
+subjects:
+- kind: ServiceAccount
+ name: cdi-operator
+ namespace: cdi
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ operator.cdi.kubevirt.io: ""
+ name: cdi-operator
+ namespace: cdi
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/managed-by: cdi-operator
+ cdi.kubevirt.io: ""
+ name: cdi-operator
+ namespace: cdi
+rules:
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - configmaps
+ - events
+ - secrets
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - deployments/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - '*'
+- apiGroups:
+ - config.openshift.io
+ resources:
+ - proxies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/managed-by: cdi-operator
+ cdi.kubevirt.io: ""
+ name: cdi-operator
+ namespace: cdi
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cdi-operator
+subjects:
+- kind: ServiceAccount
+ name: cdi-operator
+ namespace: cdi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ""
+ prometheus.cdi.kubevirt.io: "true"
+ name: cdi-operator
+ namespace: cdi
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ""
+ strategy: {}
+ template:
+ metadata:
+ labels:
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ""
+ prometheus.cdi.kubevirt.io: "true"
+ spec:
+ containers:
+ - env:
+ - name: DEPLOY_CLUSTER_RESOURCES
+ value: "true"
+ - name: OPERATOR_VERSION
+ value: v1.44.1
+ - name: CONTROLLER_IMAGE
+ value: quay.io/kubevirt/cdi-controller:v1.44.1
+ - name: IMPORTER_IMAGE
+ value: quay.io/kubevirt/cdi-importer:v1.44.1
+ - name: CLONER_IMAGE
+ value: quay.io/kubevirt/cdi-cloner:v1.44.1
+ - name: APISERVER_IMAGE
+ value: quay.io/kubevirt/cdi-apiserver:v1.44.1
+ - name: UPLOAD_SERVER_IMAGE
+ value: quay.io/kubevirt/cdi-uploadserver:v1.44.1
+ - name: UPLOAD_PROXY_IMAGE
+ value: quay.io/kubevirt/cdi-uploadproxy:v1.44.1
+ - name: VERBOSITY
+ value: "1"
+ - name: PULL_POLICY
+ value: IfNotPresent
+ - name: MONITORING_NAMESPACE
+ image: quay.io/kubevirt/cdi-operator:v1.44.1
+ imagePullPolicy: IfNotPresent
+ name: cdi-operator
+ ports:
+ - containerPort: 8080
+ name: metrics
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 10m
+ memory: 150Mi
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: cdi-operator
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ operator.cdi.kubevirt.io: ""
+ name: cdi-operator-leader-election-helper
+ namespace: cdi
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cdi-operator.yaml
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL https://github.com/kubevirt/containerized-data-importer/releases/download/${CDI_VERSION}/cdi-operator.yaml -o ${SCRIPTDIR}/base/cdi-operator.yaml
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree YAML files
+EOF
+ ;;
+esac
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
--- /dev/null
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: CDI
+metadata:
+ name: cdi
+spec:
+ imagePullPolicy: IfNotPresent
+ infra:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ workload:
+ nodeSelector:
+ kubernetes.io/os: linux
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cdi-cr.yaml
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL https://github.com/kubevirt/containerized-data-importer/releases/download/${CDI_VERSION}/cdi-cr.yaml -o ${SCRIPTDIR}/base/cdi-cr.yaml
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree YAML files
+EOF
+ ;;
+esac
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
--- /dev/null
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ app: cmk-discover-pod
+ name: cmk-discover-pod
+ namespace: cmk-namespace
+spec:
+ serviceAccountName: cmk-serviceaccount
+ containers:
+ - args:
+ - "/cmk/cmk.py discover --conf-dir=/etc/cmk"
+ command:
+ - "/bin/bash"
+ - "-c"
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: cmk:v1.4.1
+ name: cmk-discover-pod
+ volumeMounts:
+ - mountPath: "/etc/cmk"
+ name: cmk-conf-dir
+ restartPolicy: Never
+ volumes:
+ - hostPath:
+ # Change this to modify the CMK config dir in the host file system.
+ path: "/etc/cmk"
+ name: cmk-conf-dir
--- /dev/null
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ app: cmk-init-pod
+ name: cmk-init-pod
+ namespace: cmk-namespace
+spec:
+ serviceAccountName: cmk-serviceaccount
+ containers:
+ - args:
+ - "/cmk/cmk.py init --conf-dir=/etc/cmk --num-exclusive-cores=$NUM_EXCLUSIVE_CORES --num-shared-cores=$NUM_SHARED_CORES"
+ command:
+ - "/bin/bash"
+ - "-c"
+ env:
+ - name: CMK_PROC_FS
+ value: '/proc'
+ - name: NUM_EXCLUSIVE_CORES
+ # Change this to modify the value passed to `--num-exclusive-cores` flag.
+ value: '4'
+ - name: NUM_SHARED_CORES
+ # Change this to modify the value passed to `--num-shared-cores` flag.
+ value: '1'
+ image: cmk:v1.4.1
+ name: cmk-init-pod
+ volumeMounts:
+ - mountPath: "/etc/cmk"
+ name: cmk-conf-dir
+ restartPolicy: Never
+ volumes:
+ - hostPath:
+ # Change this to modify the CMK config dir in the host file system.
+ path: "/etc/cmk"
+ name: cmk-conf-dir
--- /dev/null
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ app: cmk-install-pod
+ name: cmk-install-pod
+ namespace: cmk-namespace
+spec:
+ serviceAccountName: cmk-serviceaccount
+ containers:
+ - args:
+ - "/cmk/cmk.py install --install-dir=/opt/bin"
+ command:
+ - "/bin/bash"
+ - "-c"
+ image: cmk:v1.4.1
+ name: cmk-install-pod
+ volumeMounts:
+ - mountPath: "/opt/bin"
+ name: cmk-install-dir
+ restartPolicy: Never
+ volumes:
+ - hostPath:
+ # Change this to modify the CMK installation dir in the host file system.
+ path: "/opt/bin"
+ name: cmk-install-dir
--- /dev/null
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cmk-namespace
--- /dev/null
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: cmk-node-report-ds-all
+# Needed for k8s < 1.7
+# annotations:
+# "scheduler.alpha.kubernetes.io/tolerations": '[{"key":"cmk", "value":"true"}]'
+ name: cmk-node-report-ds-all
+ namespace: cmk-namespace
+spec:
+ selector:
+ matchLabels:
+ app: cmk-node-report-ds-all
+ template:
+ metadata:
+ labels:
+ app: cmk-node-report-ds-all
+ spec:
+ serviceAccountName: cmk-serviceaccount
+# Needed for k8s >= 1.7
+# tolerations:
+# - operator: "Exists"
+ containers:
+ - args:
+ - "/cmk/cmk.py isolate --pool=infra /cmk/cmk.py -- node-report --interval=$CMK_NODE_REPORT_SLEEP_TIME --publish"
+ command:
+ - "/bin/bash"
+ - "-c"
+ env:
+ - name: CMK_NODE_REPORT_SLEEP_TIME
+ # Change this to modify the sleep interval between consecutive
+ # cmk node report runs. The value is specified in seconds.
+ value: '60'
+ - name: CMK_PROC_FS
+ value: "/host/proc"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: cmk:v1.4.1
+ name: cmk-nodereport
+ volumeMounts:
+ - mountPath: "/host/proc"
+ name: host-proc
+ readOnly: true
+ - mountPath: "/etc/cmk"
+ name: cmk-conf-dir
+ volumes:
+ - hostPath:
+ path: "/proc"
+ name: host-proc
+ - hostPath:
+ # Change this to modify the CMK config dir in the host file system.
+ path: "/etc/cmk"
+ name: cmk-conf-dir
--- /dev/null
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: cmk-third-party-resource-controller
+rules:
+- apiGroups: ["cmk.intel.com"]
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups: ["extensions"]
+ resources: ["thirdpartyresources", "thirdpartyresources.extensions"]
+ verbs: ["*"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: cmk-custom-resource-definition-controller
+rules:
+- apiGroups: ["intel.com"]
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions", "customresourcedefinitions.extensions"]
+ verbs: ["*"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: cmk-daemonset-controller
+rules:
+- apiGroups: ["extensions", "apps"]
+ resources: ["daemonsets", "daemonsets.extensions", "daemonsets.apps"]
+ verbs: ["*"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: cmk-version-controller
+rules:
+ - nonResourceURLs: ["*"]
+ verbs:
+ - get
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: cmk-webhook-installer
+rules:
+- apiGroups: ["", "apps", "extensions", "admissionregistration.k8s.io"]
+ resources: ["secrets", "configmaps", "deployments", "services", "mutatingwebhookconfigurations"]
+ verbs: ["*"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: cmk-node-lister
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cmk-role-binding-daemonset
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmk-daemonset-controller
+subjects:
+- kind: ServiceAccount
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cmk-role-binding-node
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:node
+subjects:
+- kind: ServiceAccount
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cmk-role-binding-tpr
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmk-third-party-resource-controller
+subjects:
+- kind: ServiceAccount
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cmk-role-binding-crd
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmk-custom-resource-definition-controller
+subjects:
+- kind: ServiceAccount
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cmk-role-binding-version
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmk-version-controller
+subjects:
+- kind: ServiceAccount
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cmk-role-binding-webhook-installer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmk-webhook-installer
+subjects:
+- kind: ServiceAccount
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cmk-role-binding-node-lister
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmk-node-lister
+subjects:
+- kind: ServiceAccount
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: cmk-reconcile-ds-all
+# Needed for k8s < 1.7
+# annotations:
+# "scheduler.alpha.kubernetes.io/tolerations": '[{"key":"cmk", "value":"true"}]'
+ name: cmk-reconcile-ds-all
+ namespace: cmk-namespace
+spec:
+ selector:
+ matchLabels:
+ app: cmk-reconcile-ds-all
+ template:
+ metadata:
+ labels:
+ app: cmk-reconcile-ds-all
+ spec:
+ serviceAccountName: cmk-serviceaccount
+# Needed for k8s >= 1.7
+# tolerations:
+# - operator: "Exists"
+ containers:
+ - args:
+ - "/cmk/cmk.py isolate --pool=infra /cmk/cmk.py -- reconcile --interval=$CMK_RECONCILE_SLEEP_TIME --publish"
+ command:
+ - "/bin/bash"
+ - "-c"
+ env:
+ - name: CMK_RECONCILE_SLEEP_TIME
+ # Change this to modify the sleep interval between consecutive
+ # cmk reconcile runs. The value is specified in seconds.
+ value: '60'
+ - name: CMK_PROC_FS
+ value: "/host/proc"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: cmk:v1.4.1
+ name: cmk-reconcile
+ volumeMounts:
+ - mountPath: "/host/proc"
+ name: host-proc
+ readOnly: true
+ - mountPath: "/etc/cmk"
+ name: cmk-conf-dir
+ volumes:
+ - hostPath:
+ path: "/proc"
+ name: host-proc
+ - hostPath:
+ # Change this to modify the CMK config dir in the host file system.
+ path: "/etc/cmk"
+ name: cmk-conf-dir
--- /dev/null
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cmk-serviceaccount
+ namespace: cmk-namespace
--- /dev/null
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cmk-webhook-certs
+ #namespace: user-supplied-namespace
+data:
+ cert.pem: BASE64_ENCODED_CERT
+ key.pem: BASE64_ENCODED_KEY
+type: Opaque
--- /dev/null
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ labels:
+ app: cmk-webhook-app
+ name: cmk-webhook-config
+webhooks:
+- clientConfig:
+ caBundle: BASE64_ENCODED_CERT
+ service:
+ name: cmk-webhook-service
+ namespace: cmk-namespace
+ path: /mutate
+ failurePolicy: Ignore
+ name: cmk.intel.com
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pods
+
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cmk-webhook-configmap
+ #namespace: user-supplied-namespace
+data:
+ server.yaml: |
+ server:
+ binding-address: "0.0.0.0"
+ port: 443
+ cert: "/etc/ssl/cert.pem"
+ key: "/etc/ssl/key.pem"
+ mutations: "/etc/webhook/mutations.yaml"
+ mutations.yaml: |
+ mutations:
+ perPod:
+ metadata:
+ annotations:
+ cmk.intel.com/resources-injected: "true"
+ spec:
+ serviceAccount: cmk-serviceaccount
+ tolerations:
+ - operator: Exists
+ volumes:
+ - name: cmk-host-proc
+ hostPath:
+ path: "/proc"
+ - name: cmk-config-dir
+ hostPath:
+ path: "/etc/cmk"
+ - name: cmk-install-dir
+ hostPath:
+ path: "/opt/bin"
+ perContainer:
+ env:
+ - name: CMK_PROC_FS
+ value: "/host/proc"
+ volumeMounts:
+ - name: cmk-host-proc
+ mountPath: /host/proc
+ readOnly: true
+ - name: cmk-config-dir
+ mountPath: /etc/cmk
+ - name: cmk-install-dir
+ mountPath: /opt/bin
--- /dev/null
+# Copyright (c) 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: cmk-webhook-app
+ name: cmk-webhook-deployment
+ #namespace: user-supplied-namespace
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cmk-webhook-app
+ template:
+ metadata:
+ labels:
+ app: cmk-webhook-app
+ spec:
+ tolerations:
+ - operator: "Exists"
+ containers:
+ - args:
+ - "/cmk/cmk.py webhook --conf-file /etc/webhook/server.yaml"
+ command:
+ - "/bin/bash"
+ - "-c"
+ image: cmk:v1.4.1
+ name: cmk-webhook
+ volumeMounts:
+ - mountPath: /etc/webhook
+ name: cmk-webhook-configmap
+ - mountPath: /etc/ssl
+ name: cmk-webhook-certs
+ readOnly: True
+ volumes:
+ - name: cmk-webhook-configmap
+ configMap:
+ name: cmk-webhook-configmap
+ - name: cmk-webhook-certs
+ secret:
+ secretName: cmk-webhook-certs
--- /dev/null
+apiVersion: v1
+kind: Service
+metadata:
+ name: cmk-webhook-service
+ labels:
+ app: cmk-webhook-app
+ #namespace: user-supplied-namespace
+spec:
+ ports:
+ - port: 443
+ targetPort: 443
+ selector:
+ app: cmk-webhook-app
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cmk-discover-pod.yaml
+- cmk-init-pod.yaml
+- cmk-install-pod.yaml
+- cmk-namespace.yaml
+- cmk-nodereport-daemonset.yaml
+- cmk-rbac-rules.yaml
+- cmk-reconcile-daemonset.yaml
+- cmk-serviceaccount.yaml
+- cmk-webhook-certs.yaml
+- cmk-webhook-config.yaml
+- cmk-webhook-configmap.yaml
+- cmk-webhook-deployment.yaml
+- cmk-webhook-service.yaml
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+# The upstream repo is not in an easily consumed structure, so first
+# grab all the YAMLs then build out what we need in the overlay
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ for yaml in cmk-namespace.yaml cmk-rbac-rules.yaml cmk-serviceaccount.yaml; do
+ curl -sL https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/${CPU_MANAGER_VERSION}/resources/authorization/${yaml} -o ${SCRIPTDIR}/base/${yaml}
+ done
+ for yaml in cmk-init-pod.yaml cmk-discover-pod.yaml cmk-install-pod.yaml cmk-nodereport-daemonset.yaml cmk-reconcile-daemonset.yaml; do
+ curl -sL https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/${CPU_MANAGER_VERSION}/resources/pods/${yaml} -o ${SCRIPTDIR}/base/${yaml}
+ done
+ for yaml in cmk-webhook-certs.yaml cmk-webhook-configmap.yaml cmk-webhook-service.yaml cmk-webhook-deployment.yaml cmk-webhook-config.yaml; do
+ curl -sL https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/${CPU_MANAGER_VERSION}/resources/webhook/${yaml} -o ${SCRIPTDIR}/base/${yaml}
+ done
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+
+ mkdir -p ${SCRIPTDIR}/icn
+ cat <<EOF >${SCRIPTDIR}/icn/daemonset-init-containers-patch.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: cmk-reconcile-ds-all
+ namespace: cmk-namespace
+spec:
+ template:
+ spec:
+ containers:
+$(yq eval '.spec.template.spec.containers' ${SCRIPTDIR}/base/cmk-nodereport-daemonset.yaml | awk '{print " "$0}')
+ initContainers:
+$(yq eval '.spec.containers' ${SCRIPTDIR}/base/cmk-init-pod.yaml | awk '{print " "$0}')
+$(yq eval '.spec.containers' ${SCRIPTDIR}/base/cmk-discover-pod.yaml | awk '{print " "$0}')
+$(yq eval '.spec.containers' ${SCRIPTDIR}/base/cmk-install-pod.yaml | awk '{print " "$0}')
+EOF
+ yq '(.spec.template.spec.initContainers[0].env[] | select(.name=="NUM_EXCLUSIVE_CORES").value) = 2' -i ${SCRIPTDIR}/icn/daemonset-init-containers-patch.yaml
+ yq '(.spec.template.spec.initContainers[1].args[0] = "/cmk/cmk.py discover --conf-dir=/etc/cmk --no-taint"' -i ${SCRIPTDIR}/icn/daemonset-init-containers-patch.yaml
+ yq '.spec.template.spec += {"volumes":[{"hostPath":{"path":"/opt/bin"},"name":"cmk-install-dir"}]}' -i ${SCRIPTDIR}/icn/daemonset-init-containers-patch.yaml
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree YAML files
+EOF
+ ;;
+esac
--- /dev/null
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: cmk-webhook-service
+ namespace: cmk-namespace
+spec:
+ secretName: cmk-webhook-certs
+ dnsNames:
+ - cmk-webhook-service.kud.svc
+ issuerRef:
+ name: cmk-selfsigned-issuer
--- /dev/null
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: cmk-reconcile-ds-all
+ namespace: cmk-namespace
+spec:
+ template:
+ spec:
+ containers:
+ - args:
+ - "/cmk/cmk.py isolate --pool=infra /cmk/cmk.py -- node-report --interval=$CMK_NODE_REPORT_SLEEP_TIME --publish"
+ command:
+ - "/bin/bash"
+ - "-c"
+ env:
+ - name: CMK_NODE_REPORT_SLEEP_TIME
+ # Change this to modify the sleep interval between consecutive
+ # cmk node report runs. The value is specified in seconds.
+ value: '60'
+ - name: CMK_PROC_FS
+ value: "/host/proc"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: cmk:v1.4.1
+ name: cmk-nodereport
+ volumeMounts:
+ - mountPath: "/host/proc"
+ name: host-proc
+ readOnly: true
+ - mountPath: "/etc/cmk"
+ name: cmk-conf-dir
+ initContainers:
+ - args:
+ - "/cmk/cmk.py init --conf-dir=/etc/cmk --num-exclusive-cores=$NUM_EXCLUSIVE_CORES --num-shared-cores=$NUM_SHARED_CORES"
+ command:
+ - "/bin/bash"
+ - "-c"
+ env:
+ - name: CMK_PROC_FS
+ value: '/proc'
+ - name: NUM_EXCLUSIVE_CORES
+ # Change this to modify the value passed to `--num-exclusive-cores` flag.
+ value: '2'
+ - name: NUM_SHARED_CORES
+ # Change this to modify the value passed to `--num-shared-cores` flag.
+ value: '1'
+ image: cmk:v1.4.1
+ name: cmk-init-pod
+ volumeMounts:
+ - mountPath: "/etc/cmk"
+ name: cmk-conf-dir
+ - args:
+ - "/cmk/cmk.py discover --conf-dir=/etc/cmk --no-taint"
+ command:
+ - "/bin/bash"
+ - "-c"
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: cmk:v1.4.1
+ name: cmk-discover-pod
+ volumeMounts:
+ - mountPath: "/etc/cmk"
+ name: cmk-conf-dir
+ - args:
+ - "/cmk/cmk.py install --install-dir=/opt/bin"
+ command:
+ - "/bin/bash"
+ - "-c"
+ image: cmk:v1.4.1
+ name: cmk-install-pod
+ volumeMounts:
+ - mountPath: "/opt/bin"
+ name: cmk-install-dir
+ volumes:
+ - hostPath:
+ path: /opt/bin
+ name: cmk-install-dir
--- /dev/null
+$patch: delete
+apiVersion: v1
+kind: Pod
+metadata:
+ name: cmk-discover-pod
+ namespace: cmk-namespace
--- /dev/null
+$patch: delete
+apiVersion: v1
+kind: Pod
+metadata:
+ name: cmk-init-pod
+ namespace: cmk-namespace
--- /dev/null
+$patch: delete
+apiVersion: v1
+kind: Pod
+metadata:
+ name: cmk-install-pod
+ namespace: cmk-namespace
--- /dev/null
+$patch: delete
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: cmk-node-report-ds-all
+ namespace: cmk-namespace
--- /dev/null
+$patch: delete
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cmk-webhook-certs
--- /dev/null
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: cmk-selfsigned-issuer
+ namespace: cmk-namespace
+spec:
+ selfSigned: {}
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
+- issuer.yaml
+- certificate.yaml
+
+patchesStrategicMerge:
+- delete-nodereport-daemonset-patch.yaml
+- delete-init-pod-patch.yaml
+- delete-discover-pod-patch.yaml
+- delete-install-pod-patch.yaml
+- delete-webhook-secret-patch.yaml
+- daemonset-init-containers-patch.yaml
+- webhook-server-config-patch.yaml
+- webhook-config-inject-cert-patch.yaml
+
+patchesJson6902:
+- path: webhook-client-config-patch.json
+ target:
+ kind: MutatingWebhookConfiguration
+ name: cmk-webhook-config
+
+images:
+- name: cmk
+ newName: integratedcloudnative/cmk
+ newTag: v1.4.1-no-taint
--- /dev/null
+[
+ { "op": "remove", "path": "/webhooks/0/clientConfig/caBundle" },
+ { "op": "replace", "path": "/webhooks/0/clientConfig/service/namespace", "value": "kud" }
+]
--- /dev/null
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: cmk-webhook-config
+ annotations:
+ cert-manager.io/inject-ca-from: kud/cmk-webhook-service
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cmk-webhook-configmap
+data:
+ server.yaml: |
+ server:
+ binding-address: "0.0.0.0"
+ port: 443
+ cert: "/etc/ssl/tls.crt"
+ key: "/etc/ssl/tls.key"
+ mutations: "/etc/webhook/mutations.yaml"
--- /dev/null
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: iavf-driver-installer
+ namespace: kube-system
+ labels:
+ role: iavf-driver-installer
+spec:
+ selector:
+ matchLabels:
+ role: iavf-driver-installer
+ template:
+ metadata:
+ labels:
+ role: iavf-driver-installer
+ spec:
+ hostPID: true
+ initContainers:
+ - image: "integratedcloudnative/iavf-driver-installer:latest"
+ imagePullPolicy: IfNotPresent
+ name: iavf-driver-installer
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: iavf-install-dir
+ mountPath: "/usr/local/iavf"
+ - name: root-dir
+ mountPath: "/root"
+ - name: lib-modules-dir
+ mountPath: "/root/lib/modules"
+ - name: run-systemd-dir
+ mountPath: "/root/run/systemd/system"
+ containers:
+ - image: "gcr.io/google-containers/pause:3.2"
+ name: pause
+ volumes:
+ - name: iavf-install-dir
+ hostPath:
+ path: "/opt/iavf"
+ - name: root-dir
+ hostPath:
+ path: "/"
+ - name: lib-modules-dir
+ hostPath:
+ path: "/lib/modules"
+ - name: run-systemd-dir
+ hostPath:
+ path: "/run/systemd/system"
+ nodeSelector:
+ feature.node.kubernetes.io/custom-iavf: "true"
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- daemonset.yaml
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../base
--- /dev/null
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ operator.kubevirt.io: ""
+ name: kubevirts.kubevirt.io
+spec:
+ group: kubevirt.io
+ names:
+ categories:
+ - all
+ kind: KubeVirt
+ plural: kubevirts
+ shortNames:
+ - kv
+ - kvs
+ singular: kubevirt
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KubeVirt represents the object deploying all KubeVirt resources
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ certificateRotateStrategy:
+ properties:
+ selfSigned:
+ properties:
+ ca:
+ description: CA configuration CA certs are kept in the CA
+ bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ caOverlapInterval:
+ description: Deprecated. Use CA.Duration and CA.RenewBefore
+ instead
+ type: string
+ caRotateInterval:
+ description: Deprecated. Use CA.Duration instead
+ type: string
+ certRotateInterval:
+ description: Deprecated. Use Server.Duration instead
+ type: string
+ server:
+ description: Server configuration Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ type: object
+ configuration:
+ description: holds kubevirt configurations. same as the virt-configMap
+ properties:
+ apiConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ controllerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ cpuModel:
+ type: string
+ cpuRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ defaultRuntimeClass:
+ type: string
+ developerConfiguration:
+ description: DeveloperConfiguration holds developer options
+ properties:
+ cpuAllocationRatio:
+ type: integer
+ diskVerification:
+ description: DiskVerification holds container disks verification
+ limits
+ properties:
+ memoryLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - memoryLimit
+ type: object
+ featureGates:
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity sets log verbosity level of various
+ components
+ properties:
+ nodeVerbosity:
+ additionalProperties:
+ type: integer
+ description: NodeVerbosity represents a map of nodes with
+ a specific verbosity level
+ type: object
+ virtAPI:
+ type: integer
+ virtController:
+ type: integer
+ virtHandler:
+ type: integer
+ virtLauncher:
+ type: integer
+ virtOperator:
+ type: integer
+ type: object
+ memoryOvercommit:
+ type: integer
+ minimumClusterTSCFrequency:
+ description: Allow overriding the automatically determined
+ minimum TSC frequency of the cluster and fixate the minimum
+ to this frequency.
+ format: int64
+ type: integer
+ minimumReservePVCBytes:
+ format: int64
+ type: integer
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ type: object
+ pvcTolerateLessSpaceUpToPercent:
+ type: integer
+ useEmulation:
+ description: UseEmulation can be set to true to allow fallback
+ to software emulation in case hardware-assisted emulation
+ is not available.
+ type: boolean
+ type: object
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ handlerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull
+ a container image
+ type: string
+ machineType:
+ type: string
+ mediatedDevicesConfiguration:
+ description: MediatedDevicesConfiguration holds inforamtion about
+ MDEV types to be defined, if available
+ properties:
+ mediatedDevicesTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeMediatedDeviceTypes:
+ items:
+ description: NodeMediatedDeviceTypesConfig holds inforamtion
+ about MDEV types to be defined in a specifc node that
+ matches the NodeSelector field.
+ properties:
+ mediatedDevicesTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'NodeSelector is a selector which must
+ be true for the vmi to fit on a node. Selector which
+ must match a node''s labels for the vmi to be scheduled
+ on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ required:
+ - mediatedDevicesTypes
+ - nodeSelector
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ memBalloonStatsPeriod:
+ format: int32
+ type: integer
+ migrations:
+ description: MigrationConfiguration holds migration options
+ properties:
+ allowAutoConverge:
+ type: boolean
+ allowPostCopy:
+ type: boolean
+ bandwidthPerMigration:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ completionTimeoutPerGiB:
+ format: int64
+ type: integer
+ disableTLS:
+ type: boolean
+ network:
+ type: string
+ nodeDrainTaintKey:
+ type: string
+ parallelMigrationsPerCluster:
+ format: int32
+ type: integer
+ parallelOutboundMigrationsPerNode:
+ format: int32
+ type: integer
+ progressTimeout:
+ format: int64
+ type: integer
+ unsafeMigrationOverride:
+ type: boolean
+ type: object
+ minCPUModel:
+ type: string
+ network:
+ description: NetworkConfiguration holds network options
+ properties:
+ defaultNetworkInterface:
+ type: string
+ permitBridgeInterfaceOnPodNetwork:
+ type: boolean
+ permitSlirpInterface:
+ type: boolean
+ type: object
+ obsoleteCPUModels:
+ additionalProperties:
+ type: boolean
+ type: object
+ ovmfPath:
+ type: string
+ permittedHostDevices:
+ description: PermittedHostDevices holds inforamtion about devices
+ allowed for passthrough
+ properties:
+ mediatedDevices:
+ items:
+ description: MediatedHostDevice represents a host mediated
+ device allowed for passthrough
+ properties:
+ externalResourceProvider:
+ type: boolean
+ mdevNameSelector:
+ type: string
+ resourceName:
+ type: string
+ required:
+ - mdevNameSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ pciHostDevices:
+ items:
+ description: PciHostDevice represents a host PCI device
+ allowed for passthrough
+ properties:
+ externalResourceProvider:
+ description: If true, KubeVirt will leave the allocation
+ and monitoring to an external device plugin
+ type: boolean
+ pciVendorSelector:
+ description: The vendor_id:product_id tuple of the PCI
+ device
+ type: string
+ resourceName:
+ description: The name of the resource that is representing
+ the device. Exposed by a device plugin and requested
+ by VMs. Typically of the form vendor.com/product_nameThe
+ name of the resource that is representing the device.
+ Exposed by a device plugin and requested by VMs. Typically
+ of the form vendor.com/product_name
+ type: string
+ required:
+ - pciVendorSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ selinuxLauncherType:
+ type: string
+ smbios:
+ properties:
+ family:
+ type: string
+ manufacturer:
+ type: string
+ product:
+ type: string
+ sku:
+ type: string
+ version:
+ type: string
+ type: object
+ supportedGuestAgentVersions:
+ description: deprecated
+ items:
+ type: string
+ type: array
+ virtualMachineInstancesPerNode:
+ type: integer
+ webhookConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ type: object
+ customizeComponents:
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ handler:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: The ImagePullPolicy to use.
+ type: string
+ imageRegistry:
+ description: The image registry to pull the container images from
+ Defaults to the same registry the operator's container image is
+ pulled from.
+ type: string
+ imageTag:
+ description: The image tag to use for the continer images installed.
+ Defaults to the same tag as the operator's container image.
+ type: string
+ infra:
+ description: selectors and tolerations that should apply to KubeVirt
+ infrastructure components
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2.
+ type: integer
+ type: object
+ monitorAccount:
+ description: The name of the Prometheus service account that needs
+ read-access to KubeVirt endpoints Defaults to prometheus-k8s
+ type: string
+ monitorNamespace:
+ description: The namespace Prometheus is deployed in Defaults to openshift-monitor
+ type: string
+ productComponent:
+ description: Designate the apps.kubevirt.io/component label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductComponent is not specified, the component label default
+ value is kubevirt.
+ type: string
+ productName:
+ description: Designate the apps.kubevirt.io/part-of label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductName is not specified, the part-of label will be omitted.
+ type: string
+ productVersion:
+ description: Designate the apps.kubevirt.io/version label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductVersion is not specified, KubeVirt's version will be used.
+ type: string
+ uninstallStrategy:
+ description: Specifies if kubevirt can be deleted if workloads are
+ still present. This is mainly a precaution to avoid accidental data
+ loss
+ type: string
+ workloadUpdateStrategy:
+ description: WorkloadUpdateStrategy defines at the cluster level how
+ to handle automated workload updates
+ properties:
+ batchEvictionInterval:
+ description: "BatchEvictionInterval Represents the interval to
+ wait before issuing the next batch of shutdowns \n Defaults
+ to 1 minute"
+ type: string
+ batchEvictionSize:
+ description: "BatchEvictionSize Represents the number of VMIs
+ that can be forced updated per the BatchShutdownInteral interval
+ \n Defaults to 10"
+ type: integer
+ workloadUpdateMethods:
+ description: "WorkloadUpdateMethods defines the methods that can
+ be used to disrupt workloads during automated workload updates.
+ When multiple methods are present, the least disruptive method
+ takes precedence over more disruptive methods. For example if
+ both LiveMigrate and Shutdown methods are listed, only VMs which
+ are not live migratable will be restarted/shutdown \n An empty
+ list defaults to no automated workload updating"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ workloads:
+ description: selectors and tolerations that should apply to KubeVirt
+ workloads
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2.
+ type: integer
+ type: object
+ type: object
+ status:
+ description: KubeVirtStatus represents information pertaining to a KubeVirt
+ deployment.
+ properties:
+ conditions:
+ items:
+ description: KubeVirtCondition represents a condition of a KubeVirt
+ deployment
+ properties:
+ lastProbeTime:
+ format: date-time
+ nullable: true
+ type: string
+ lastTransitionTime:
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ generations:
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - lastGeneration
+ - name
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedDeploymentConfig:
+ type: string
+ observedDeploymentID:
+ type: string
+ observedKubeVirtRegistry:
+ type: string
+ observedKubeVirtVersion:
+ type: string
+ operatorVersion:
+ type: string
+ outdatedVirtualMachineInstanceWorkloads:
+ type: integer
+ phase:
+ description: KubeVirtPhase is a label for the phase of a KubeVirt
+ deployment at the current time.
+ type: string
+ targetDeploymentConfig:
+ type: string
+ targetDeploymentID:
+ type: string
+ targetKubeVirtRegistry:
+ type: string
+ targetKubeVirtVersion:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: KubeVirt represents the object deploying all KubeVirt resources
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ certificateRotateStrategy:
+ properties:
+ selfSigned:
+ properties:
+ ca:
+ description: CA configuration CA certs are kept in the CA
+ bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ caOverlapInterval:
+ description: Deprecated. Use CA.Duration and CA.RenewBefore
+ instead
+ type: string
+ caRotateInterval:
+ description: Deprecated. Use CA.Duration instead
+ type: string
+ certRotateInterval:
+ description: Deprecated. Use Server.Duration instead
+ type: string
+ server:
+ description: Server configuration Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ type: object
+ configuration:
+ description: holds kubevirt configurations. same as the virt-configMap
+ properties:
+ apiConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ controllerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ cpuModel:
+ type: string
+ cpuRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ defaultRuntimeClass:
+ type: string
+ developerConfiguration:
+ description: DeveloperConfiguration holds developer options
+ properties:
+ cpuAllocationRatio:
+ type: integer
+ diskVerification:
+ description: DiskVerification holds container disks verification
+ limits
+ properties:
+ memoryLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - memoryLimit
+ type: object
+ featureGates:
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity sets log verbosity level of various
+ components
+ properties:
+ nodeVerbosity:
+ additionalProperties:
+ type: integer
+ description: NodeVerbosity represents a map of nodes with
+ a specific verbosity level
+ type: object
+ virtAPI:
+ type: integer
+ virtController:
+ type: integer
+ virtHandler:
+ type: integer
+ virtLauncher:
+ type: integer
+ virtOperator:
+ type: integer
+ type: object
+ memoryOvercommit:
+ type: integer
+ minimumClusterTSCFrequency:
+ description: Allow overriding the automatically determined
+ minimum TSC frequency of the cluster and fixate the minimum
+ to this frequency.
+ format: int64
+ type: integer
+ minimumReservePVCBytes:
+ format: int64
+ type: integer
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ type: object
+ pvcTolerateLessSpaceUpToPercent:
+ type: integer
+ useEmulation:
+ description: UseEmulation can be set to true to allow fallback
+ to software emulation in case hardware-assisted emulation
+ is not available.
+ type: boolean
+ type: object
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ handlerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull
+ a container image
+ type: string
+ machineType:
+ type: string
+ mediatedDevicesConfiguration:
+ description: MediatedDevicesConfiguration holds inforamtion about
+ MDEV types to be defined, if available
+ properties:
+ mediatedDevicesTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeMediatedDeviceTypes:
+ items:
+ description: NodeMediatedDeviceTypesConfig holds inforamtion
+ about MDEV types to be defined in a specifc node that
+ matches the NodeSelector field.
+ properties:
+ mediatedDevicesTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'NodeSelector is a selector which must
+ be true for the vmi to fit on a node. Selector which
+ must match a node''s labels for the vmi to be scheduled
+ on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ required:
+ - mediatedDevicesTypes
+ - nodeSelector
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ memBalloonStatsPeriod:
+ format: int32
+ type: integer
+ migrations:
+ description: MigrationConfiguration holds migration options
+ properties:
+ allowAutoConverge:
+ type: boolean
+ allowPostCopy:
+ type: boolean
+ bandwidthPerMigration:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ completionTimeoutPerGiB:
+ format: int64
+ type: integer
+ disableTLS:
+ type: boolean
+ network:
+ type: string
+ nodeDrainTaintKey:
+ type: string
+ parallelMigrationsPerCluster:
+ format: int32
+ type: integer
+ parallelOutboundMigrationsPerNode:
+ format: int32
+ type: integer
+ progressTimeout:
+ format: int64
+ type: integer
+ unsafeMigrationOverride:
+ type: boolean
+ type: object
+ minCPUModel:
+ type: string
+ network:
+ description: NetworkConfiguration holds network options
+ properties:
+ defaultNetworkInterface:
+ type: string
+ permitBridgeInterfaceOnPodNetwork:
+ type: boolean
+ permitSlirpInterface:
+ type: boolean
+ type: object
+ obsoleteCPUModels:
+ additionalProperties:
+ type: boolean
+ type: object
+ ovmfPath:
+ type: string
+ permittedHostDevices:
+ description: PermittedHostDevices holds inforamtion about devices
+ allowed for passthrough
+ properties:
+ mediatedDevices:
+ items:
+ description: MediatedHostDevice represents a host mediated
+ device allowed for passthrough
+ properties:
+ externalResourceProvider:
+ type: boolean
+ mdevNameSelector:
+ type: string
+ resourceName:
+ type: string
+ required:
+ - mdevNameSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ pciHostDevices:
+ items:
+ description: PciHostDevice represents a host PCI device
+ allowed for passthrough
+ properties:
+ externalResourceProvider:
+ description: If true, KubeVirt will leave the allocation
+ and monitoring to an external device plugin
+ type: boolean
+ pciVendorSelector:
+ description: The vendor_id:product_id tuple of the PCI
+ device
+ type: string
+ resourceName:
+ description: The name of the resource that is representing
+ the device. Exposed by a device plugin and requested
+ by VMs. Typically of the form vendor.com/product_nameThe
+ name of the resource that is representing the device.
+ Exposed by a device plugin and requested by VMs. Typically
+ of the form vendor.com/product_name
+ type: string
+ required:
+ - pciVendorSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ selinuxLauncherType:
+ type: string
+ smbios:
+ properties:
+ family:
+ type: string
+ manufacturer:
+ type: string
+ product:
+ type: string
+ sku:
+ type: string
+ version:
+ type: string
+ type: object
+ supportedGuestAgentVersions:
+ description: deprecated
+ items:
+ type: string
+ type: array
+ virtualMachineInstancesPerNode:
+ type: integer
+ webhookConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ type: object
+ customizeComponents:
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ handler:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: The ImagePullPolicy to use.
+ type: string
+ imageRegistry:
+ description: The image registry to pull the container images from
+ Defaults to the same registry the operator's container image is
+ pulled from.
+ type: string
+ imageTag:
+ description: The image tag to use for the continer images installed.
+ Defaults to the same tag as the operator's container image.
+ type: string
+ infra:
+ description: selectors and tolerations that should apply to KubeVirt
+ infrastructure components
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2.
+ type: integer
+ type: object
+ monitorAccount:
+ description: The name of the Prometheus service account that needs
+ read-access to KubeVirt endpoints Defaults to prometheus-k8s
+ type: string
+ monitorNamespace:
+ description: The namespace Prometheus is deployed in Defaults to openshift-monitor
+ type: string
+ productComponent:
+ description: Designate the apps.kubevirt.io/component label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductComponent is not specified, the component label default
+ value is kubevirt.
+ type: string
+ productName:
+ description: Designate the apps.kubevirt.io/part-of label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductName is not specified, the part-of label will be omitted.
+ type: string
+ productVersion:
+ description: Designate the apps.kubevirt.io/version label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductVersion is not specified, KubeVirt's version will be used.
+ type: string
+ uninstallStrategy:
+ description: Specifies if kubevirt can be deleted if workloads are
+ still present. This is mainly a precaution to avoid accidental data
+ loss
+ type: string
+ workloadUpdateStrategy:
+ description: WorkloadUpdateStrategy defines at the cluster level how
+ to handle automated workload updates
+ properties:
+ batchEvictionInterval:
+ description: "BatchEvictionInterval Represents the interval to
+ wait before issuing the next batch of shutdowns \n Defaults
+ to 1 minute"
+ type: string
+ batchEvictionSize:
+ description: "BatchEvictionSize Represents the number of VMIs
+ that can be forced updated per the BatchShutdownInteral interval
+ \n Defaults to 10"
+ type: integer
+ workloadUpdateMethods:
+ description: "WorkloadUpdateMethods defines the methods that can
+ be used to disrupt workloads during automated workload updates.
+ When multiple methods are present, the least disruptive method
+ takes precedence over more disruptive methods. For example if
+ both LiveMigrate and Shutdown methods are listed, only VMs which
+ are not live migratable will be restarted/shutdown \n An empty
+ list defaults to no automated workload updating"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ workloads:
+ description: selectors and tolerations that should apply to KubeVirt
+ workloads
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2.
+ type: integer
+ type: object
+ type: object
+ status:
+ description: KubeVirtStatus represents information pertaining to a KubeVirt
+ deployment.
+ properties:
+ conditions:
+ items:
+ description: KubeVirtCondition represents a condition of a KubeVirt
+ deployment
+ properties:
+ lastProbeTime:
+ format: date-time
+ nullable: true
+ type: string
+ lastTransitionTime:
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ generations:
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - lastGeneration
+ - name
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedDeploymentConfig:
+ type: string
+ observedDeploymentID:
+ type: string
+ observedKubeVirtRegistry:
+ type: string
+ observedKubeVirtVersion:
+ type: string
+ operatorVersion:
+ type: string
+ outdatedVirtualMachineInstanceWorkloads:
+ type: integer
+ phase:
+ description: KubeVirtPhase is a label for the phase of a KubeVirt
+ deployment at the current time.
+ type: string
+ targetDeploymentConfig:
+ type: string
+ targetDeploymentID:
+ type: string
+ targetKubeVirtRegistry:
+ type: string
+ targetKubeVirtVersion:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: kubevirt-cluster-critical
+value: 1000000000
+globalDefault: false
+description: "This priority class should be used for core kubevirt components only."
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubevirt.io:operator
+ labels:
+ operator.kubevirt.io: ""
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+ namespace: kubevirt
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator-rolebinding
+ namespace: kubevirt
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+ name: kubevirt-operator
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+rules:
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ - endpoints
+ - pods/exec
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - patch
+ - delete
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - kubevirt-handler
+ - kubevirt-controller
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - delete
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/pause
+ - virtualmachineinstances/unpause
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ verbs:
+ - update
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - delete
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines/status
+ verbs:
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancemigrations
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancepresets
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - limitranges
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinerestores
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datasources
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - flavor.kubevirt.io
+ resources:
+ - virtualmachineflavors
+ - virtualmachineclusterflavors
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods/eviction
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - list
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ - virtualmachinepools/finalizers
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - update
+ - patch
+ - get
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ verbs:
+ - update
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - k8s.cni.cncf.io
+ resources:
+ - network-attachment-definitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - flavor.kubevirt.io
+ resources:
+ - virtualmachineflavors
+ - virtualmachineclusterflavors
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstances
+ verbs:
+ - update
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - patch
+ - list
+ - watch
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - version
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/pause
+ - virtualmachineinstances/unpause
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/start
+ - virtualmachines/stop
+ - virtualmachines/restart
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - flavor.kubevirt.io
+ resources:
+ - virtualmachineflavors
+ - virtualmachineclusterflavors
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/pause
+ - virtualmachineinstances/unpause
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/start
+ - virtualmachines/stop
+ - virtualmachines/restart
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - flavor.kubevirt.io
+ resources:
+ - virtualmachineflavors
+ - virtualmachineclusterflavors
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ verbs:
+ - get
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - flavor.kubevirt.io
+ resources:
+ - virtualmachineflavors
+ - virtualmachineclusterflavors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+ name: kubevirt-operator
+ namespace: kubevirt
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ kubevirt.io: virt-operator
+ name: virt-operator
+ namespace: kubevirt
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ kubevirt.io: virt-operator
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ kubevirt.io: virt-operator
+ prometheus.kubevirt.io: "true"
+ name: virt-operator
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: kubevirt.io
+ operator: In
+ values:
+ - virt-operator
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ containers:
+ - command:
+ - virt-operator
+ - --port
+ - "8443"
+ - -v
+ - "2"
+ env:
+ - name: OPERATOR_IMAGE
+ value: quay.io/kubevirt/virt-operator:v0.50.0
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.targetNamespaces']
+ image: quay.io/kubevirt/virt-operator:v0.50.0
+ imagePullPolicy: IfNotPresent
+ name: virt-operator
+ ports:
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ - containerPort: 8444
+ name: webhooks
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 10m
+ memory: 150Mi
+ volumeMounts:
+ - mountPath: /etc/virt-operator/certificates
+ name: kubevirt-operator-certs
+ readOnly: true
+ - mountPath: /profile-data
+ name: profile-data
+ priorityClassName: kubevirt-cluster-critical
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: kubevirt-operator
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ volumes:
+ - name: kubevirt-operator-certs
+ secret:
+ optional: true
+ secretName: kubevirt-operator-certs
+ - emptyDir: {}
+ name: profile-data
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- kubevirt-operator.yaml
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
+
+patchesStrategicMerge:
+- replicas-patch.yaml
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: virt-operator
+ namespace: kubevirt
+spec:
+ replicas: 1
+
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-operator.yaml -o ${SCRIPTDIR}/base/kubevirt-operator.yaml
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree YAML files
+EOF
+ ;;
+esac
--- /dev/null
+---
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+ name: kubevirt
+ namespace: kubevirt
+spec:
+ certificateRotateStrategy: {}
+ configuration:
+ developerConfiguration:
+ featureGates: []
+ customizeComponents: {}
+ imagePullPolicy: IfNotPresent
+ workloadUpdateStrategy: {}
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- kubevirt-cr.yaml
--- /dev/null
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+ name: kubevirt
+ namespace: kubevirt
+spec:
+ configuration:
+ developerConfiguration:
+ featureGates:
+ - CPUManager
+
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
+
+patchesStrategicMerge:
+- cpu-manager-feature-gate-patch.yaml
+- replicas-patch.yaml
--- /dev/null
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+ name: kubevirt
+ namespace: kubevirt
+spec:
+ infra:
+ replicas: 1
+
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-cr.yaml -o ${SCRIPTDIR}/base/kubevirt-cr.yaml
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree files
+EOF
+ ;;
+esac
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- multus-daemonset.yaml
--- /dev/null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+ group: k8s.cni.cncf.io
+ scope: Namespaced
+ names:
+ plural: network-attachment-definitions
+ singular: network-attachment-definition
+ kind: NetworkAttachmentDefinition
+ shortNames:
+ - net-attach-def
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+ Working Group to express the intent for attaching pods to one or more logical or physical
+ networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this represen
+ tation of an object. Servers should convert recognized schemas to the
+ latest internal value, and may reject unrecognized values. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+ type: object
+ properties:
+ config:
+ description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+ type: string
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus
+rules:
+ - apiGroups: ["k8s.cni.cncf.io"]
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/status
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: multus
+subjects:
+- kind: ServiceAccount
+ name: multus
+ namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: multus
+ namespace: kube-system
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: multus-cni-config
+ namespace: kube-system
+ labels:
+ tier: node
+ app: multus
+data:
+ # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
+ # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
+ # change the "args" line below from
+ # - "--multus-conf-file=auto"
+ # to:
+ # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
+ # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
+ # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
+ cni-conf.json: |
+ {
+ "name": "multus-cni-network",
+ "type": "multus",
+ "capabilities": {
+ "portMappings": true
+ },
+ "delegates": [
+ {
+ "cniVersion": "0.3.1",
+ "name": "default-cni-network",
+ "plugins": [
+ {
+ "type": "flannel",
+ "name": "flannel.1",
+ "delegate": {
+ "isDefaultGateway": true,
+ "hairpinMode": true
+ }
+ },
+ {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ }
+ }
+ ]
+ }
+ ],
+ "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
+ }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kube-multus-ds
+ namespace: kube-system
+ labels:
+ tier: node
+ app: multus
+ name: multus
+spec:
+ selector:
+ matchLabels:
+ name: multus
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ tier: node
+ app: multus
+ name: multus
+ spec:
+ hostNetwork: true
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ serviceAccountName: multus
+ containers:
+ - name: kube-multus
+ image: ghcr.io/k8snetworkplumbingwg/multus-cni:stable
+ command: ["/entrypoint.sh"]
+ args:
+ - "--multus-conf-file=auto"
+ - "--cni-version=0.3.1"
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cni
+ mountPath: /host/etc/cni/net.d
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ - name: multus-cfg
+ mountPath: /tmp/multus-conf
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cni
+ hostPath:
+ path: /etc/cni/net.d
+ - name: cnibin
+ hostPath:
+ path: /opt/cni/bin
+ - name: multus-cfg
+ configMap:
+ name: multus-cni-config
+ items:
+ - key: cni-conf.json
+ path: 70-multus.conf
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/${MULTUS_VERSION}/images/multus-daemonset.yml -o ${SCRIPTDIR}/base/multus-daemonset.yaml
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree YAML files
+EOF
+ ;;
+esac
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- 'https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.10.1'
+
+patchesStrategicMerge:
+- nfd-worker-conf-patch.yaml
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nfd-worker-conf
+ namespace: node-feature-discovery
+data:
+ nfd-worker.conf: |
+ sources:
+ custom:
+ - name: "iavf"
+ matchOn:
+ - pciId:
+ class: ["0200"]
+ vendor: ["8086"]
+ device: ["1574", "1580", "1583", "1584", "1587", "1588", "37ce", "37cf", "37d0", "37d1", "37d2", "37d3"]
+ - name: "qat"
+ matchOn:
+ - pciId:
+ class: ["0b40"]
+ vendor: ["8086"]
+ device: ["0435", "37c8", "6f54", "19e2"]
+ pci:
+ deviceClassWhitelist:
+ - "03"
+ - "12"
+ - "0200"
+ - "0b40"
+ deviceLabelFields:
+ - "class"
+ - "vendor"
+ - "device"
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ovnnetwork.yaml
--- /dev/null
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ name: ovn-networkobj
+ namespace: default
+spec:
+ config: '{
+ "cniVersion": "0.3.1",
+ "name": "ovn4nfv-k8s-plugin",
+ "type": "ovn4nfvk8s-cni"
+ }'
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ovn-daemonset.yaml
+- ovn4nfv-k8s-plugin.yaml
--- /dev/null
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-nb-tcp
+ namespace: kube-system
+spec:
+ ports:
+ - name: ovn-nb-tcp
+ protocol: TCP
+ port: 6641
+ targetPort: 6641
+ type: ClusterIP
+ selector:
+ app: ovn-control-plane
+ sessionAffinity: None
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-sb-tcp
+ namespace: kube-system
+spec:
+ ports:
+ - name: ovn-sb-tcp
+ protocol: TCP
+ port: 6642
+ targetPort: 6642
+ type: ClusterIP
+ selector:
+ app: ovn-control-plane
+ sessionAffinity: None
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: ovn-control-plane
+ namespace: kube-system
+ annotations:
+ kubernetes.io/description: |
+ OVN control plane deployment using tcp: ovn-northd-tcp, ovn-nb-tcp and ovn-sb-tcp.
+spec:
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 0%
+ maxUnavailable: 100%
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: ovn-control-plane
+ template:
+ metadata:
+ labels:
+ app: ovn-control-plane
+ spec:
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app: ovn-control-plane
+ topologyKey: kubernetes.io/hostname
+ priorityClassName: system-cluster-critical
+ hostNetwork: true
+ containers:
+ - name: ovn-control-plane
+ image: docker.io/integratedcloudnative/ovn-images:v2.2.0
+ imagePullPolicy: IfNotPresent
+ command: ["ovn4nfv-k8s", "start_ovn_control_plane"]
+ securityContext:
+ capabilities:
+ add: ["SYS_NICE"]
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ resources:
+ requests:
+ cpu: 500m
+ memory: 300Mi
+ volumeMounts:
+ - mountPath: /var/run/openvswitch
+ name: host-run-ovs
+ - mountPath: /var/run/ovn
+ name: host-run-ovn
+ - mountPath: /sys
+ name: host-sys
+ readOnly: true
+ - mountPath: /etc/openvswitch
+ name: host-config-openvswitch
+ - mountPath: /var/log/openvswitch
+ name: host-log-ovs
+ - mountPath: /var/log/ovn
+ name: host-log-ovn
+ readinessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_control_plane"]
+ periodSeconds: 3
+ livenessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_control_plane"]
+ initialDelaySeconds: 30
+ periodSeconds: 7
+ failureThreshold: 5
+ nodeSelector:
+ kubernetes.io/os: "linux"
+ ovn4nfv-k8s-plugin: ovn-control-plane
+ volumes:
+ - name: host-run-ovs
+ hostPath:
+ path: /run/openvswitch
+ - name: host-run-ovn
+ hostPath:
+ path: /run/ovn
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: host-config-openvswitch
+ hostPath:
+ path: /etc/origin/openvswitch
+ - name: host-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-log-ovn
+ hostPath:
+ path: /var/log/ovn
+
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: ovn-controller
+ namespace: kube-system
+ annotations:
+ kubernetes.io/description: |
+ OVN controller: Start ovsdb-server & ovs-vswitchd components, and ovn controller
+spec:
+ selector:
+ matchLabels:
+ app: ovn-controller
+ updateStrategy:
+ type: OnDelete
+ template:
+ metadata:
+ labels:
+ app: ovn-controller
+ spec:
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ priorityClassName: system-cluster-critical
+ hostNetwork: true
+ hostPID: true
+ containers:
+ - name: ovn-controller
+ image: docker.io/integratedcloudnative/ovn-images:v2.2.0
+ imagePullPolicy: IfNotPresent
+ command: ["ovn4nfv-k8s", "start_ovn_controller"]
+ securityContext:
+ runAsUser: 0
+ privileged: true
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - mountPath: /lib/modules
+ name: host-modules
+ readOnly: true
+ - mountPath: /var/run/openvswitch
+ name: host-run-ovs
+ - mountPath: /var/run/ovn
+ name: host-run-ovn
+ - mountPath: /sys
+ name: host-sys
+ readOnly: true
+ - mountPath: /etc/openvswitch
+ name: host-config-openvswitch
+ - mountPath: /var/log/openvswitch
+ name: host-log-ovs
+ - mountPath: /var/log/ovn
+ name: host-log-ovn
+ readinessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_controller"]
+ periodSeconds: 5
+ livenessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_controller"]
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 5
+ resources:
+ requests:
+ cpu: 200m
+ memory: 300Mi
+ limits:
+ cpu: 1000m
+ memory: 800Mi
+ nodeSelector:
+ kubernetes.io/os: "linux"
+ volumes:
+ - name: host-modules
+ hostPath:
+ path: /lib/modules
+ - name: host-run-ovs
+ hostPath:
+ path: /run/openvswitch
+ - name: host-run-ovn
+ hostPath:
+ path: /run/ovn
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: host-config-openvswitch
+ hostPath:
+ path: /etc/origin/openvswitch
+ - name: host-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-log-ovn
+ hostPath:
+ path: /var/log/ovn
--- /dev/null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: networkchainings.k8s.plugin.opnfv.org
+spec:
+ group: k8s.plugin.opnfv.org
+ names:
+ kind: NetworkChaining
+ listKind: NetworkChainingList
+ plural: networkchainings
+ singular: networkchaining
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: NetworkChaining is the Schema for the networkchainings API
+ properties:
+ apiVersion:
+ description:
+ "APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
+ type: string
+ kind:
+ description:
+ "Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NetworkChainingSpec defines the desired state of NetworkChaining
+ properties:
+ chainType:
+ type: string
+ routingSpec:
+ properties:
+ left:
+ items:
+ properties:
+ gatewayIp:
+ type: string
+ networkName:
+ type: string
+ subnet:
+ type: string
+ podSelector:
+ type: object
+ properties:
+ matchExpressions:
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ operator:
+ enum:
+ - In
+ - NotIn
+ - Exists
+ - DoesNotExist
+ type: string
+ values:
+ type: array
+ items:
+ type: string
+ pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
+ matchLabels:
+ x-kubernetes-preserve-unknown-fields: true
+ namespaceSelector:
+ type: object
+ properties:
+ matchExpressions:
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ operator:
+ enum:
+ - In
+ - NotIn
+ - Exists
+ - DoesNotExist
+ type: string
+ values:
+ type: array
+ items:
+ type: string
+ pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
+ matchLabels:
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - gatewayIp
+ - networkName
+ type: object
+ type: array
+ namespace:
+ type: string
+ networkChain:
+ type: string
+ right:
+ items:
+ properties:
+ gatewayIp:
+ type: string
+ networkName:
+ type: string
+ subnet:
+ type: string
+ podSelector:
+ type: object
+ properties:
+ matchExpressions:
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ operator:
+ enum:
+ - In
+ - NotIn
+ - Exists
+ - DoesNotExist
+ type: string
+ values:
+ type: array
+ items:
+ type: string
+ pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
+ matchLabels:
+ x-kubernetes-preserve-unknown-fields: true
+ namespaceSelector:
+ type: object
+ properties:
+ matchExpressions:
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ operator:
+ enum:
+ - In
+ - NotIn
+ - Exists
+ - DoesNotExist
+ type: string
+ values:
+ type: array
+ items:
+ type: string
+ pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
+ matchLabels:
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - gatewayIp
+ - networkName
+ type: object
+ type: array
+ required:
+ - left
+ - namespace
+ - networkChain
+ - right
+ type: object
+ required:
+ - chainType
+ - routingSpec
+ type: object
+ status:
+ description: NetworkChainingStatus defines the observed state of NetworkChaining
+ properties:
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: networks.k8s.plugin.opnfv.org
+spec:
+ group: k8s.plugin.opnfv.org
+ names:
+ kind: Network
+ listKind: NetworkList
+ plural: networks
+ singular: network
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description:
+ "APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
+ type: string
+ kind:
+ description:
+ "Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ cniType:
+ description:
+ 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+ Important: Run "operator-sdk generate k8s" to regenerate code after
+ modifying this file Add custom validation using kubebuilder tags:
+ https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
+ type: string
+ dns:
+ properties:
+ domain:
+ type: string
+ nameservers:
+ items:
+ type: string
+ type: array
+ options:
+ items:
+ type: string
+ type: array
+ search:
+ items:
+ type: string
+ type: array
+ type: object
+ ipv4Subnets:
+ items:
+ properties:
+ excludeIps:
+ type: string
+ gateway:
+ type: string
+ name:
+ type: string
+ subnet:
+ type: string
+ required:
+ - name
+ - subnet
+ type: object
+ type: array
+ ipv6Subnets:
+ items:
+ properties:
+ excludeIps:
+ type: string
+ gateway:
+ type: string
+ name:
+ type: string
+ subnet:
+ type: string
+ required:
+ - name
+ - subnet
+ type: object
+ type: array
+ routes:
+ items:
+ properties:
+ dst:
+ type: string
+ gw:
+ type: string
+ required:
+ - dst
+ type: object
+ type: array
+ required:
+ - cniType
+ - ipv4Subnets
+ type: object
+ status:
+ properties:
+ state:
+ description:
+ 'INSERT ADDITIONAL STATUS FIELD - define observed state
+ of cluster Important: Run "operator-sdk generate k8s" to regenerate
+ code after modifying this file Add custom validation using kubebuilder
+ tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: providernetworks.k8s.plugin.opnfv.org
+spec:
+ group: k8s.plugin.opnfv.org
+ names:
+ kind: ProviderNetwork
+ listKind: ProviderNetworkList
+ plural: providernetworks
+ singular: providernetwork
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ProviderNetwork is the Schema for the providernetworks API
+ properties:
+ apiVersion:
+ description:
+ "APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+ type: string
+ kind:
+ description:
+ "Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ProviderNetworkSpec defines the desired state of ProviderNetwork
+ properties:
+ cniType:
+ description:
+ 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+ Important: Run "operator-sdk generate k8s" to regenerate code after
+ modifying this file Add custom validation using kubebuilder tags:
+ https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
+ type: string
+ direct:
+ properties:
+ directNodeSelector:
+ type: string
+ nodeLabelList:
+ items:
+ type: string
+ type: array
+ providerInterfaceName:
+ type: string
+ required:
+ - directNodeSelector
+ - providerInterfaceName
+ type: object
+ dns:
+ properties:
+ domain:
+ type: string
+ nameservers:
+ items:
+ type: string
+ type: array
+ options:
+ items:
+ type: string
+ type: array
+ search:
+ items:
+ type: string
+ type: array
+ type: object
+ ipv4Subnets:
+ items:
+ properties:
+ excludeIps:
+ type: string
+ gateway:
+ type: string
+ name:
+ type: string
+ subnet:
+ type: string
+ required:
+ - name
+ - subnet
+ type: object
+ type: array
+ ipv6Subnets:
+ items:
+ properties:
+ excludeIps:
+ type: string
+ gateway:
+ type: string
+ name:
+ type: string
+ subnet:
+ type: string
+ required:
+ - name
+ - subnet
+ type: object
+ type: array
+ providerNetType:
+ type: string
+ routes:
+ items:
+ properties:
+ dst:
+ type: string
+ gw:
+ type: string
+ required:
+ - dst
+ type: object
+ type: array
+ vlan:
+ properties:
+ logicalInterfaceName:
+ type: string
+ nodeLabelList:
+ items:
+ type: string
+ type: array
+ providerInterfaceName:
+ type: string
+ vlanId:
+ type: string
+ vlanNodeSelector:
+ type: string
+ required:
+ - providerInterfaceName
+ - vlanId
+ - vlanNodeSelector
+ type: object
+ required:
+ - cniType
+ - ipv4Subnets
+ - providerNetType
+ type: object
+ status:
+ description: ProviderNetworkStatus defines the observed state of ProviderNetwork
+ properties:
+ state:
+ description:
+ 'INSERT ADDITIONAL STATUS FIELD - define observed state
+ of cluster Important: Run "operator-sdk generate k8s" to regenerate
+ code after modifying this file Add custom validation using kubebuilder
+ tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: k8s-nfn-sa
+ namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: k8s-nfn-cr
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/status
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ - nodes
+ - namespaces
+ verbs:
+ - "*"
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - "*"
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - apps
+ resourceNames:
+ - nfn-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.plugin.opnfv.org
+ resources:
+ - "*"
+ - providernetworks
+ verbs:
+ - "*"
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: k8s-nfn-crb
+subjects:
+ - kind: Group
+ name: system:serviceaccounts
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: ClusterRole
+ name: k8s-nfn-cr
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nfn-operator
+ namespace: kube-system
+spec:
+ type: NodePort
+ ports:
+ - port: 50000
+ protocol: TCP
+ targetPort: 50000
+ selector:
+ name: nfn-operator
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ovn-controller-network
+ namespace: kube-system
+data:
+ OVN_SUBNET: "10.151.142.0/18"
+ OVN_GATEWAYIP: "10.151.142.1/18"
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nfn-operator
+ namespace: kube-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: nfn-operator
+ template:
+ metadata:
+ labels:
+ name: nfn-operator
+ spec:
+ hostNetwork: true
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: ovn4nfv-k8s-plugin
+ operator: In
+ values:
+ - ovn-control-plane
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ effect: "NoSchedule"
+ operator: "Exists"
+ serviceAccountName: k8s-nfn-sa
+ containers:
+ - name: nfn-operator
+ image: docker.io/integratedcloudnative/ovn4nfv-k8s-plugin:v5.0.0
+ command: ["/usr/local/bin/entrypoint", "operator"]
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: ovn-controller-network
+ ports:
+ - containerPort: 50000
+ protocol: TCP
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: "nfn-operator"
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ovn4nfv-cni-config
+ namespace: kube-system
+ labels:
+ app: ovn4nfv
+data:
+ ovn4nfv_k8s.conf: |
+ [logging]
+ loglevel=5
+ logfile=/var/log/openvswitch/ovn4k8s.log
+
+ [cni]
+ conf-dir=/etc/cni/net.d
+ plugin=ovn4nfvk8s-cni
+
+ [kubernetes]
+ kubeconfig=/etc/cni/net.d/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig
+ 20-network.conf: |
+ {
+ "name": "ovn4nfv-k8s-plugin",
+ "type": "ovn4nfvk8s-cni",
+ "cniVersion": "0.3.1"
+ }
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: ovn4nfv-cni
+ namespace: kube-system
+ labels:
+ app: ovn4nfv
+spec:
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: ovn4nfv
+ template:
+ metadata:
+ labels:
+ app: ovn4nfv
+ spec:
+ hostNetwork: true
+ nodeSelector:
+ beta.kubernetes.io/arch: amd64
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ serviceAccountName: k8s-nfn-sa
+ containers:
+ - name: ovn4nfv
+ image: docker.io/integratedcloudnative/ovn4nfv-k8s-plugin:v5.0.0
+ command: ["/usr/local/bin/entrypoint", "cni"]
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ limits:
+ cpu: 100m
+ memory: 50Mi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cni
+ mountPath: /host/etc/cni/net.d
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ - name: cniconf
+ mountPath: /host/etc/openvswitch
+ - name: ovn4nfv-cfg
+ mountPath: /tmp/ovn4nfv-conf
+ - name: ovn4nfv-cni-net-conf
+ mountPath: /tmp/ovn4nfv-cni
+ volumes:
+ - name: cni
+ hostPath:
+ path: /etc/cni/net.d
+ - name: cnibin
+ hostPath:
+ path: /opt/cni/bin
+ - name: cniconf
+ hostPath:
+ path: /etc/openvswitch
+ - name: ovn4nfv-cfg
+ configMap:
+ name: ovn4nfv-cni-config
+ items:
+ - key: ovn4nfv_k8s.conf
+ path: ovn4nfv_k8s.conf
+ - name: ovn4nfv-cni-net-conf
+ configMap:
+ name: ovn4nfv-cni-config
+ items:
+ - key: 20-network.conf
+ path: 20-network.conf
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: nfn-agent
+ namespace: kube-system
+ labels:
+ app: nfn-agent
+spec:
+ selector:
+ matchLabels:
+ app: nfn-agent
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: nfn-agent
+ spec:
+ hostNetwork: true
+ hostPID: true
+ nodeSelector:
+ beta.kubernetes.io/arch: amd64
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ serviceAccountName: k8s-nfn-sa
+ containers:
+ - name: nfn-agent
+ image: docker.io/integratedcloudnative/ovn4nfv-k8s-plugin:v5.0.0
+ command: ["/usr/local/bin/entrypoint", "agent"]
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: ovn-controller-network
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ limits:
+ cpu: 100m
+ memory: 50Mi
+ env:
+ - name: NFN_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/run/dbus/
+ name: host-var-run-dbus
+ readOnly: true
+ - mountPath: /run/openvswitch
+ name: host-run-ovs
+ - mountPath: /var/run/openvswitch
+ name: host-var-run-ovs
+ - mountPath: /var/run
+ name: host-var-run
+ - mountPath: /host/proc
+ name: host-proc
+ - mountPath: /host/sys
+ name: host-sys
+ - mountPath: /var/run/ovn4nfv-k8s-plugin
+ name: host-var-cniserver-socket-dir
+ volumes:
+ - name: host-run-ovs
+ hostPath:
+ path: /run/openvswitch
+ - name: host-var-run-ovs
+ hostPath:
+ path: /var/run/openvswitch
+ - name: host-var-run-dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: host-var-cniserver-socket-dir
+ hostPath:
+ path: /var/run/ovn4nfv-k8s-plugin
+ - name: host-var-run
+ hostPath:
+ path: /var/run
+ - name: host-proc
+ hostPath:
+ path: /proc
+ - name: host-sys
+ hostPath:
+ path: /sys
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
+
+patchesStrategicMerge:
+- mount-var-run-shared-patch.yaml
+
+patchesJson6902:
+- path: nfn-operator-affinity-patch.json
+ target:
+ kind: Deployment
+ name: nfn-operator
+ namespace: kube-system
+- path: ovn-control-plane-node-selector-patch.json
+ target:
+ kind: Deployment
+ name: ovn-control-plane
+ namespace: kube-system
--- /dev/null
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: nfn-agent
+ namespace: kube-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: nfn-agent
+ volumeMounts:
+ - mountPath: /var/run
+ name: host-var-run
+ mountPropagation: Bidirectional
--- /dev/null
+[
+ {
+ "op": "replace",
+ "path": "/spec/template/spec/affinity",
+ "value": {
+ "podAffinity": {
+ "requiredDuringSchedulingIgnoredDuringExecution": [{
+ "labelSelector": {
+ "matchExpressions": [{
+ "key": "app",
+ "operator": "In",
+ "values": ["ovn-control-plane"]
+ }]
+ },
+ "topologyKey": "kubernetes.io/hostname"
+ }]
+ }
+ }
+ }
+]
+
+
--- /dev/null
+[
+ {
+ "op": "replace",
+ "path": "/spec/template/spec/nodeSelector",
+ "value": {
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": ""
+ }
+ }
+]
+
+
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/${NODUS_VERSION}/deploy/ovn-daemonset.yaml -o ${SCRIPTDIR}/base/ovn-daemonset.yaml
+ curl -sL https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/${NODUS_VERSION}/deploy/ovn4nfv-k8s-plugin.yaml -o ${SCRIPTDIR}/base/ovn4nfv-k8s-plugin.yaml
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree YAML files
+EOF
+ ;;
+esac
--- /dev/null
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: qat-driver-installer
+ namespace: kube-system
+ labels:
+ role: qat-driver-installer
+spec:
+ selector:
+ matchLabels:
+ role: qat-driver-installer
+ template:
+ metadata:
+ labels:
+ role: qat-driver-installer
+ spec:
+ hostPID: true
+ initContainers:
+ - image: "integratedcloudnative/qat-driver-installer:latest"
+ imagePullPolicy: IfNotPresent
+ name: qat-driver-installer
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: qat-install-dir
+ mountPath: "/usr/local/qat"
+ - name: root-dir
+ mountPath: "/root"
+ - name: lib-modules-dir
+ mountPath: "/root/lib/modules"
+ - name: run-systemd-dir
+ mountPath: "/root/run/systemd/system"
+ containers:
+ - image: "gcr.io/google-containers/pause:3.2"
+ name: pause
+ volumes:
+ - name: qat-install-dir
+ hostPath:
+ path: "/opt/qat"
+ - name: root-dir
+ hostPath:
+ path: "/"
+ - name: lib-modules-dir
+ hostPath:
+ path: "/lib/modules"
+ - name: run-systemd-dir
+ hostPath:
+ path: "/run/systemd/system"
+ nodeSelector:
+ feature.node.kubernetes.io/iommu-enabled: "true"
+ feature.node.kubernetes.io/custom-qat: "true"
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- daemonset.yaml
--- /dev/null
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: intel-qat-kernel-plugin
+ labels:
+ app: intel-qat-kernel-plugin
+spec:
+ selector:
+ matchLabels:
+ app: intel-qat-kernel-plugin
+ template:
+ metadata:
+ labels:
+ app: intel-qat-kernel-plugin
+ spec:
+ containers:
+ - name: intel-qat-kernel-plugin
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: true
+ image: intel/intel-qat-plugin:0.23.0
+ imagePullPolicy: IfNotPresent
+ args: ["-mode", "kernel"]
+ volumeMounts:
+ - name: devfs
+ mountPath: /dev
+ - name: etcdir
+ mountPath: /etc
+ readOnly: true
+ - name: kubeletsockets
+ mountPath: /var/lib/kubelet/device-plugins
+ volumes:
+ - name: etcdir
+ hostPath:
+ path: /etc
+ - name: kubeletsockets
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
+ - name: devfs
+ hostPath:
+ path: /dev
+ nodeSelector:
+ kubernetes.io/arch: amd64
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- instal-qat-kernel-plugin.yaml
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- ../base
+
+patchesStrategicMerge:
+- node-selector-patch.yaml
--- /dev/null
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: intel-qat-kernel-plugin
+spec:
+ template:
+ spec:
+ nodeSelector:
+ feature.node.kubernetes.io/iommu-enabled: "true"
+ feature.node.kubernetes.io/custom-qat: "true"
--- /dev/null
+#!/usr/bin/env bash
+set -eEux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+# Upstream QAT plugin includes a kustomization already, but it
+# references the intel-qat-plugin.yaml instead of the
+# intel-qat-kernel-plugin.yaml, so recreate a kustomization in-tree.
+function build_source {
+ mkdir -p ${SCRIPTDIR}/base
+ curl -sL https://raw.githubusercontent.com/intel/intel-device-plugins-for-kubernetes/${QAT_VERSION}/deployments/qat_plugin/base/intel-qat-kernel-plugin.yaml -o ${SCRIPTDIR}/base/instal-qat-kernel-plugin.yaml
+ rm -f ${SCRIPTDIR}/base/kustomization.yaml
+ pushd ${SCRIPTDIR}/base && kustomize create --autodetect && popd
+}
+
+case $1 in
+ "build-source") build_source ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ build-source - Rebuild the in-tree YAML files
+EOF
+ ;;
+esac
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cdi-operator
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/cdi-operator
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: podsecurity
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cdi-operator
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/cdi-operator/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cdi
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/cdi
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: cdi-operator
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cdi
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/cdi/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ dependsOn:
+ - name: cdi-operator
+ wait: true
+ timeout: 10m
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cert-manager
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/cert-manager/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cpu-manager
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/cpu-manager
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: podsecurity
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cpu-manager
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/cpu-manager/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ dependsOn:
+ - name: cert-manager
+ wait: true
+ timeout: 10m
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+
resources:
- gotk-components.yaml
- gotk-sync.yaml
+
+patchesJson6902:
+- path: run-as-user-patch.json
+ target:
+ kind: Deployment
+ name: helm-controller
+- path: run-as-user-patch.json
+ target:
+ kind: Deployment
+ name: kustomize-controller
+- path: run-as-user-patch.json
+ target:
+ kind: Deployment
+ name: notification-controller
+- path: run-as-user-patch.json
+ target:
+ kind: Deployment
+ name: source-controller
--- /dev/null
+[
+ { "op": "add", "path": "/spec/template/spec/containers/0/securityContext/runAsUser", "value": 65534 }
+]
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: iavf-driver-installer
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/iavf-driver-installer/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
namespace: flux-system
spec:
interval: 10m0s
- path: ./deploy/kata/base
+ path: ./deploy/kata/icn
prune: true
sourceRef:
kind: GitRepository
name: icn
+ wait: true
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: kubevirt-operator
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/kubevirt-operator
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: podsecurity
- values:
- replicaCount: 1
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: kubevirt-operator
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/kubevirt-operator/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: kubevirt
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/kubevirt
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: kubevirt-operator
- values:
- infra:
- replicas: 1
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: kubevirt
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/kubevirt/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ dependsOn:
+ - name: kubevirt-operator
+ wait: true
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: podsecurity
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: deploy/podsecurity
- sourceRef:
- kind: GitRepository
- name: icn
- namespace: flux-system
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- values:
- roleRef: psp:privileged
--- /dev/null
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: psp:privileged-kud
+ namespace: kud
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: psp:privileged
+subjects:
+- kind: Group
+ name: system:serviceaccounts:kud
+ apiGroup: rbac.authorization.k8s.io
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: multus-cni
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/multus-cni
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: podsecurity
- values:
- config:
- enabled: false
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: multus-cni
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/multus-cni/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: node-feature-discovery
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/node-feature-discovery
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: podsecurity
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: node-feature-discovery
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/node-feature-discovery/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: nodus-network
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/nodus-network/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ dependsOn:
+ - name: multus-cni
+ wait: true
+ timeout: 10m
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: nodus
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/nodus/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: ovn4nfv-network
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/ovn4nfv-network
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: multus-cni
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: ovn4nfv
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/ovn4nfv
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: podsecurity
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: qat-device-plugin
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/qat-device-plugin
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- dependsOn:
- - name: podsecurity
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: qat-driver-installer
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/qat-driver-installer/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: qat-plugin
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/qat-plugin/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ wait: true
+ timeout: 10m
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: sriov-network-operator
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/sriov-network-operator/icn
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ dependsOn:
+ - name: multus-cni
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: sriov-network-operator
+ namespace: kud
+ timeout: 10m
+++ /dev/null
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: sriov-network
- namespace: kud
-spec:
- interval: 5m
- chart:
- spec:
- chart: kud/deployment_infra/helm/sriov-network
- sourceRef:
- kind: GitRepository
- name: kud
- interval: 1m
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- # Deployment of sriov-network causes the SR-IOV operator to drain
- # the node, including the Flux controllers. If the Helm controller
- # is restarted while a chart install is pending, it is possible that
- # the chart state becomes stuck in "pending-install" and manual
- # intervention (deleting the Helm secret for the chart) is required
- # to fix it. Depending on the other charts in this cluster should
- # prevent this issue from occurring.
- dependsOn:
- - name: cdi
- - name: cpu-manager
- - name: kubevirt
- - name: ovn4nfv-network
- - name: ovn4nfv
- - name: node-feature-discovery
- - name: qat-device-plugin
- - name: sriov-network-operator
- - namespace: emco
- name: services
- - namespace: emco
- name: tools
- - namespace: emco
- name: monitor
--- /dev/null
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: sriov-network
+ namespace: kud
+spec:
+ interval: 5m
+ path: deploy/sriov-network
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: icn
+ namespace: flux-system
+ dependsOn:
+ - name: sriov-network-operator
+ wait: true
+ timeout: 10m
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- source.yaml
+- release.yaml
+
interval: 5m
chart:
spec:
- chart: kud/deployment_infra/helm/sriov-network-operator
+ chart: deployment/sriov-network-operator
sourceRef:
kind: GitRepository
- name: kud
+ name: k8snetworkplumbingwg
interval: 1m
install:
remediation:
upgrade:
remediation:
retries: -1
- dependsOn:
- - name: multus-cni
+ values:
+ operator:
+ resourcePrefix: "intel.com"
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
- name: kud
+ name: k8snetworkplumbingwg
namespace: kud
spec:
interval: 1m
- url: https://gerrit.onap.org/r/multicloud/k8s
+ url: https://github.com/k8snetworkplumbingwg/sriov-network-operator.git
+ ref:
+ tag: v1.1.0
ignore: |
# exclude all
/*
# include charts directory
- !/kud/deployment_infra/helm
+ !/deployment
--- /dev/null
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kud
+
+resources:
+- sriovnetworknodepolicy.yaml
+- sriovnetwork.yaml
+
--- /dev/null
+---
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetwork
+metadata:
+ name: sriov-intel
+spec:
+ ipam: |
+ {
+ "type": "host-local",
+ "subnet": "10.56.206.0/24",
+ "routes": [{
+ "dst": "0.0.0.0/0"
+ }],
+ "gateway": "10.56.206.1"
+ }
+ networkNamespace: default
+ resourceName: "intel_sriov_nic"
--- /dev/null
+---
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+ name: policy-xl710
+spec:
+ deviceType: "vfio-pci"
+ nicSelector:
+ deviceID: "1583"
+ vendor: "8086"
+ nodeSelector:
+ feature.node.kubernetes.io/network-sriov.capable: "true"
+ feature.node.kubernetes.io/pci-0200_8086_1583.present: "true"
+ numVfs: 8
+ resourceName: "intel_sriov_nic"
+---
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+ name: policy-82599es
+spec:
+ deviceType: "vfio-pci"
+ nicSelector:
+ deviceID: "10fb"
+ vendor: "8086"
+ nodeSelector:
+ feature.node.kubernetes.io/network-sriov.capable: "true"
+ feature.node.kubernetes.io/pci-0200_8086_10fb.present: "true"
+ numVfs: 8
+ resourceName: "intel_sriov_nic"
+---
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+ name: "policy-i350"
+spec:
+ deviceType: "vfio-pci"
+ nicSelector:
+ deviceID: "1521"
+ vendor: "8086"
+ nodeSelector:
+ feature.node.kubernetes.io/network-sriov.capable: "true"
+ feature.node.kubernetes.io/pci-0200_8086_1521.present: "true"
+ numVfs: 2
+ resourceName: "intel_sriov_nic"
--- /dev/null
+#!/usr/bin/env bash
+set -eux -o pipefail
+
+SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))"
+LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib"
+
+source $LIBDIR/common.sh
+
+function deploy {
+ curl -LO "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -o yq
+ sudo install -o root -g root -m 0755 yq /usr/local/bin/yq
+ rm yq
+}
+
+case $1 in
+ "deploy") deploy ;;
+ *) cat <<EOF
+Usage: $(basename $0) COMMAND
+
+Commands:
+ deploy - Deploy yq
+EOF
+ ;;
+esac
#jump server K8s cluster
KUBECTL_VERSION="v1.20.7"
+#The yq version to use
+YQ_VERSION="v4.20.1"
+
+#Addon versions
+CDI_VERSION="v1.44.1"
+CPU_MANAGER_VERSION="v1.4.1"
+KUBEVIRT_VERSION="v0.50.0"
+MULTUS_VERSION="v3.8"
+NODUS_VERSION="dd9985e5be010b764b324b57c1afe985a59abf68"
+QAT_VERSION="v0.23.0"
+
#refered from onap
function call_api {
#Runs curl with passed flags and provides